TA-Respwnder

Splunk App To Detect LLMNR Poisoning Attacks

Last Updated
September 17, 2025
Compatibility
This app has no available versions
Rating

0

(0)

Support
Developer Supported addon
This app can be deployed to Universal Forwarders to create a distributed detection network against LLMNR poisoning. You can and should disable LLMNR and similar mechanisms in your entire environment. Even with LLMNR disabled, you can still use this app to mimic the active protocol in your network.

The script has 2 functions:

* Broadcast LLMNR requests for non-existing hostnames. These can be generated randomly or manually specified.
* Optionally, if requests receive suspicious responses, authenticate against the attacker machine. This can either give the attacker some busy work or let you later track where they used the credentials to log in, and therefore track the attacker within your network.

Categories

Created By

Regular Obsession

Type

addon

Downloads

24
