passive dns
play

Passive DNS Michael Mitterer October 13, 2017 Chair of Network - PowerPoint PPT Presentation

Sep 19, 2023 •20 likes •220 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Passive DNS Michael Mitterer October 13, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Passive DNS Michael Mitterer October 13, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Background DNS The DNS query process M. Mitterer — pDNS 2

  3. Background DNS Resource Record DNS answer querying microsoft.com. M. Mitterer — pDNS 3

  4. Background Passive DNS The Passive DNS attempts M. Mitterer — pDNS 4

  5. Outline Usage of Passive DNS Finding Malicious Domains Enhance Functionality and Availability Monitoring DNS Spying Users M. Mitterer — pDNS 5

  6. Finding Malicious Domains Fast-Flux Domains • Domains of Fast-Flux networks • Provides malicious services/phishing networks • Set of IP addresses changes The structure of a Fast-Flux network M. Mitterer — pDNS 6

  7. Finding Malicious Domains Detection via Passive DNS Use of Passive DNS to detect Fast-Flux domains ⇒ Big amount of DNS traffic M. Mitterer — pDNS 7

  8. Finding Malicious Domains Basic tool structure using the example of FluxBuster Structure of FluxBuster Basic structure: • Capture DNS traffic passively • Filter traffic • Cluster domains • Classify clusters Advantages [3]: → 64.5% of malicious domains were detected earlier than using other methods → 62% of flux agent IPs were previously unknown M. Mitterer — pDNS 8

  9. Finding Malicious Domains Fast Flux Monitor Architecture of Fast Flux Monitor Aim: → Decide whether a given domain is a Fast-Flux domain Advantages: → Detection rate of 96.6% [2] M. Mitterer — pDNS 9

  10. Finding Malicious Domains EXPOSURE Aim: → Finding different kinds of malicious domains “in the wild” Scientific contribution [1]: → Experiment run from December 28, 2010 over 17 months → Early detection of malicious domains (>50% only detected by EXPOSURE) → Identified 200 new malicious domains per day → Most malicious domains belonged to .info, .org, or .biz TLDs → Most malicious domains were hosted in US, Germany, or South Korea M. Mitterer — pDNS 10

  11. Enhance Functionality and Availability Improving DNS • Enhance Availability • Monitoring DNS M. Mitterer — pDNS 11

  12. Enhance Functionality and Availability Enhance Availability Passive DNS Replication Disadvantages: → Long time until all records are replicated → Inconsistency M. Mitterer — pDNS 12

  13. Enhance Functionality and Availability Monitoring DNS Monitor DNS usage M. Mitterer — pDNS 13

  14. Spying Users Privacy Problems - EDNS Transmitted information with EDNS M. Mitterer — pDNS 14

  15. Spying Users Privacy Problems - QNAME minimization Transmitted information using QNAME minimization M. Mitterer — pDNS 15

  16. Spying Users Solutions DNSSEC: Not encrypted � ⇒ Traffic readable ⇒ Traffic has to be encrypted: • DNSCrypt • DNS Privacy Project • DNS over TLS M. Mitterer — pDNS 16

  17. Conclusion Conclusion Passive DNS... • ... can make the Internet more secure • ... improves DNS • ... leads to huge privacy issues M. Mitterer — pDNS 17

  18. Questions? Questions? M. Mitterer — pDNS 18

  19. Backup Privacy Problems Extract of a DNS query requesting in.tum.de M. Mitterer — pDNS 19

  20. Bibliography [1] L. Bilge, S. Sen, D. Balzarotti, E. Kirda, and C. Kruegel. Exposure: a Passive DNS Analysis Service to Detect and Report Malicious Domains. ACM Transactions on Information and System Security , 16(4):14:1–14:28, Apr. 2014. [2] A. Caglayan, M. Toothaker, D. Drapeau, D. Burke, and G. Eaton. Real-Time Detection of Fast Flux Service Networks. In Conference for Homeland Security, 2009. CATCH’09. Cybersecurity Applications & Technology , pages 285–292. IEEE, 2009. [3] R. Perdisci, I. Corona, and G. Giacinto. Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis. IEEE Transactions on Dependable and Secure Computing , 9(5):714–726, 2012. M. Mitterer — pDNS 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it

Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it

Reduce passive income, reduce taxes We help. You grow. What is passive income and why does it matter? Federal government changed rules, effective for tax years that begin after 2018. Canadian controlled private corporations (CPCC) Passive

193 views • 8 slides
Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive

Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive

Passive Gas System Design PRESENTED BY BRYAN WELDON P.E. Passive System Overview 01 Passive Components 02 Integrating and Upgrading 03 Questions 04 2 Passive System Overview ___ 3 Passive Gas System ___ 4 Passive Gas System Usually

332 views • 12 slides
Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose

Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose

Passive Fire Protection For the Oil & Gas Industry Passive Fire Protection What is purpose of fireproofing? To Save Lives To Preserve Assets To Prevent Escalation Passive Fire Protection Passive Fire Protection Passive Fire

311 views • 29 slides
What Are Active and Passive Voice? Can you write definitions for active and passive

What Are Active and Passive Voice? Can you write definitions for active and passive

What Are Active and Passive Voice? Can you write definitions for active and passive voice? Active Voice In an active sentence, the subject performs the action (the verb) to the object . Passive Voice In a passive sentence, the thing

610 views • 14 slides
Passive Transport (no energy input required) Passive Transport Passive transport is the

Passive Transport (no energy input required) Passive Transport Passive transport is the

Passive Transport (no energy input required) Passive Transport Passive transport is the movement of ions and other molecules across cell membranes without the need of energy input (ATP) Ions or molecules move from an area of higher

650 views • 33 slides
Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St Sauver, Scientist 1 Agenda Introduction Passive DNS, Including Times When Passive DNS May Not Work Well Overcoming Obfuscation Pillz

962 views • 47 slides
Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions:

Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions:

Active / Passive Voice Acquistion THE PASSIVE VOICE IS EVIL. Two exceptions: blame-shifting scientific writing Acquisition Active Voice: the subject performs the action of the verb Example: The dog attacked my neighbor.

595 views • 21 slides
How Fast Does a Passive Scalar Decay? (Decay of Chaotically Advected Passive Scalars in the Zero

How Fast Does a Passive Scalar Decay? (Decay of Chaotically Advected Passive Scalars in the Zero

How Fast Does a Passive Scalar Decay? (Decay of Chaotically Advected Passive Scalars in the Zero Diffusivity Limit) Yue-Kin Tsang Courant Institute of Mathematical Sciences New York University Thomas M. Antonsen, Jr. and Edward Ott University

381 views • 24 slides
Background and involvement in passive seismic Passive Seismic in the Literature World Oil

Background and involvement in passive seismic Passive Seismic in the Literature World Oil

Background and involvement in passive seismic Passive Seismic in the Literature World Oil Article Geo Expo Article AAGP Explorer Article Basic Equipment Gear and ATV Seismometer Data Recorder Monitor Hookup Problems Problems Wind

733 views • 42 slides
1 Measurement Passive Measurements Sprint has a passive measurement architecture Passive

1 Measurement Passive Measurements Sprint has a passive measurement architecture Passive

Introduction Impact of Link Failures on VoIP Performance Tier-1 ISPs interested in providing Voice- Over-IP (VoIP) Need to provide quality International Workshop on Network and Operating Voice quality and availability System

394 views • 6 slides
Passive Voice vs. Active Voice 1 06.19.10 || English 1301: Composition I || D. Glen Smith,

Passive Voice vs. Active Voice 1 06.19.10 || English 1301: Composition I || D. Glen Smith,

Passive Voice vs. Active Voice 1 06.19.10 || English 1301: Composition I || D. Glen Smith, instructor Passive Verbs Avoid excessive use of passive verbs. They can bog down descriptive writing and create boring sentences. (See Bedford p 142.)

202 views • 5 slides
PASSIVE HOUSE: Building Inherent Value Owner/Developer: Homeowners Rehab FINCH CAMBRIDGE

PASSIVE HOUSE: Building Inherent Value Owner/Developer: Homeowners Rehab FINCH CAMBRIDGE

PASSIVE HOUSE: Building Inherent Value Owner/Developer: Homeowners Rehab FINCH CAMBRIDGE 98 affordable family units Opening April 1 2020 Surge in Interest in Passive House in MA Fall 2018: Mass CEC Passive House Design Incentives

626 views • 20 slides
Passive Sampling of Porewater Porewater for the for the Passive Sampling of In- -situ

Passive Sampling of Porewater Porewater for the for the Passive Sampling of In- -situ

Passive Sampling of Porewater Porewater for the for the Passive Sampling of In- -situ Assessment of Bioavailability situ Assessment of Bioavailability In Danny D. Reible, PhD, PE, DEE, NAE University of Texas Linking Sediment Exposure and

543 views • 23 slides
Safety (Electronics) is Still Beating Tom Borninski Autoliv Electronics America Passive Safety

Safety (Electronics) is Still Beating Tom Borninski Autoliv Electronics America Passive Safety

The Heart of Passive Safety (Electronics) is Still Beating Tom Borninski Autoliv Electronics America Passive Safety and Our Naming Problem With ~15 years and many millions of these hearts of passive safety in existence, we still

269 views • 11 slides
Scrutinizing a Country using Passive DNS and Picviz or how to analyze big dataset without loosing

Scrutinizing a Country using Passive DNS and Picviz or how to analyze big dataset without loosing

Scrutinizing a Country using Passive DNS and Picviz or how to analyze big dataset without loosing your mind Sebastien Tricaud, Alexandre Dulaunoy March 10, 2012 Disclaimer Passive DNS is a technique to collect only valid answers from

772 views • 38 slides
Use-cases for Passive Measurement in Wireless Networks

Use-cases for Passive Measurement in Wireless Networks

Use-cases for Passive Measurement in Wireless Networks dra9-deng-ippm-passive-wireless-usecase-00 Lingli Deng, China Mobile Lianshu Zheng, Huawei

87 views • 8 slides
Playing spy games in Iris Paulo Em lio de Vilhena, Jacques-Henri Jourdan, Fran cois Pottier

Playing spy games in Iris Paulo Em lio de Vilhena, Jacques-Henri Jourdan, Fran cois Pottier

Playing spy games in Iris Paulo Em lio de Vilhena, Jacques-Henri Jourdan, Fran cois Pottier October 28, 2019 1 / 51 Contents Local generic solvers Spying: implementation and specification of modulus Spying: verification of modulus The

908 views • 51 slides
Fostering Spiritual Growth in the Church Fostering Spiritual Growth in the Church bit.ly/SG-ST

Fostering Spiritual Growth in the Church Fostering Spiritual Growth in the Church bit.ly/SG-ST

Fostering Spiritual Growth in the Church Fostering Spiritual Growth in the Church bit.ly/SG-ST Oakland International Fellowship Fostering Spiritual Growth in the Church 3 Stages of 0 0 Spiritual Life Is 54 Is 54 2 Lessons: 1 1

962 views • 16 slides
Joshua 1:1-9 Bibles Are Available On The Back Table Download This Presentation At

Joshua 1:1-9 Bibles Are Available On The Back Table Download This Presentation At

Open Your Bible To: Joshua 1:1-9 Bibles Are Available On The Back Table Download This Presentation At LivingWaterCorona.com/slides Read the Bible In 3 Years with us! Sign up for daily reminders on MyBibleReading.com Joshua 1 Be Strong

577 views • 18 slides
Work Matters Performance = After 17 hours of work 0.05% blood alcohol What does God say about

Work Matters Performance = After 17 hours of work 0.05% blood alcohol What does God say about

Work Matters Performance = After 17 hours of work 0.05% blood alcohol What does God say about work? 1. Work is part of Gods big picture God created all things God is progressing the created order Creation starts in a perfect garden and

380 views • 15 slides
Epistemic Game Theory Part 2: Lexicographic Beliefs in Static Games Andrs Perea Maastricht

Epistemic Game Theory Part 2: Lexicographic Beliefs in Static Games Andrs Perea Maastricht

Epistemic Game Theory Part 2: Lexicographic Beliefs in Static Games Andrs Perea Maastricht University Ancona, August 27, 2019 Andrs Perea (Maastricht University) Epistemic Game Theory Ancona, August 27, 2019 1 / 42 Outline Yesterday,

710 views • 42 slides
Brighton High School Credit Recovery What is Credit Recovery? Recovering the credit if you

Brighton High School Credit Recovery What is Credit Recovery? Recovering the credit if you

Brighton High School Credit Recovery What is Credit Recovery? Recovering the credit if you have failed a Core Class (i.e. Math, English, Science, Social Studies & Health). These are credits that are required to be on track to

560 views • 10 slides
Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing something a little like a cyber Cold War. -- Dmitri Alperovitch, VP Threat Research, McAfee How Cyberwar is like the Cold War Its not a war.

744 views • 43 slides
Matrix Calculations: Determinants and Basis Transformation A. Kissinger Institute for Computing

Matrix Calculations: Determinants and Basis Transformation A. Kissinger Institute for Computing

Determinants Change of basis Radboud University Nijmegen Matrices and basis transformations Matrix Calculations: Determinants and Basis Transformation A. Kissinger Institute for Computing and Information Sciences Radboud University Nijmegen

562 views • 29 slides

More recommend