Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.

Slides:



Advertisements
Similar presentations
© 2012 YP Intellectual Property LLC. All rights reserved. YP, the YP logo and all other YP marks contained herein are trademarks of YP Intellectual Property.
Advertisements

AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms
Updates to ‘dnscap’ Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.
NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
SAP checks if USER ID & Password combination is valid. No identification. User requests Log-on, enters USER ID & Password, (not necessarily their own)!
Open Resolvers in COM/NET Resolution Duane Wessels, Aziz Mohaisen DNS-OARC 2014 Spring Workshop Warsaw, Poland.
Novell Vibe Webinar: Basic Business Issues March 6 th and 8 th Adam Wingate, Justin Larson, Landon Stott, Craig Altom Vibe Resource Library
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Individual User Logins
Measuring DANE TLSA Deployment Liang Zhu 1, Duane Wessels 2, Allison Mankin 2, John Heidemann 1 1. USC ISI 2. Verisign Labs 1.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Harness Your Internet Activity. Zeroing in On Zero Days DNS OARC Spring 2014 Ralf Weber
Network Abuse Handling in CNNIC and JPNIC Terence Zhang, CNNIC Izumi Okutani, JPNIC.
Welcome Today Our Topics are: DNS (The Potential Problem for Complete Anonymity) Transparent DNS Proxy (The Problem & The Solution) How To.
Friends of Welcoming Goal: Provide tools and support that help increase understanding and positive interactions between US and foreign born around the.
By Daniel Siassi.  XHTML  For Structure  CSS  For Stylization of Structure  SQL Database  Store Customer, Calendar, and Order Data  PHP  Server-side.
IDsurv.org An innovative Infectitious Disease and Serious AEFI surveillance system.
DNSHarness Duane Wessels DNS-OARC Workshop, Dublin May 12, 2013.
This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
© 2012 Autodesk Autodesk® Revit® Structure: From Design to Detailing and Fabrication to Construction Allen Levy Applications Specialist.
How Communication Management Improves Localization Management Isabelle Fleury ©
April 30, 2007 openSUSE.org Build Service a short introduction Moiz Kohari VP Engineering.
COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.
Welcome to MyFoundationsLab. MyFoundationsLab is an online assessment and learning system for reading, writing, and mathematics.
On the Privacy Concerns of URL Query Strings Andrew G. West (Verisign Labs) and Adam J. Aviv (USNA) May 18, 2014 – Web 2.0 Security & Privacy.
Why SLD Blocking Misses the Point Burt Kaliski, Verisign gTLD Collisions Workshop October 29, 2013.
Security at NCAR David Mitchell February 20th, 2007.
Module 14 Configuring Security for SQL Server Agent.
Client/User Analysis Website Design. 2 Questions to be answered: What is the purpose of the site? What is the purpose of the site? Who is the site for?
1 Extending User Profiles with Line of Business Data Patrick Curran, MCT.
FCC CSRIC III Working Group 5 DNSSEC Implementation Practices Steve Crocker CEO, Shinkuro, Inc. March 6, 2013 Working Group 5: DNSSEC.
Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Profiles and Active Directory Overview User profiles –Import from Active Directory –Creating.
1 Chapter Overview Defining Operators Creating Jobs Configuring Alerts Creating a Database Maintenance Plan Creating Multiserver Jobs.
A study of caching behavior with respect to root server TTLs Matthew Thomas, Duane Wessels October 3 rd, 2015.
MyAPNIC Survey 2015 What have we learned? APNIC Services Vivek Nigam 9 September 2015 Jakarta.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Using GStat 2.0 for Information Validation.
Advanced, Programmable Cloud-based GSLB to Optimize Performance and Availability Terry Bernstein Senior Product Manager Verisign Managed DNS Service.
1 Apartments.com Exclusive Secret Shopping Tool December, 2004.
APNIC LAME NS measurements. Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing.
Copyright © 2004, Keith D Swenson, All Rights Reserved. OASIS Asynchronous Service Access Protocol (ASAP) Tutorial Overview, OASIS ASAP TC May 4, 2004.
Fulfillment Review (FR) Process YP Proprietary Information (Internal Use Only): ©2013 YP Intellectual Property LLC. All rights reserved. YP, the YP logo.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia
© 2014 Autodesk Getting started with Desktop Subscription.
HOW TO REPAIR INCREDIMAIL ERRORS?. Overview  IncrediMail is one of the desktop-based programs which allocate you to share newsletter messages.
The Domain Name System (DNS) – The online directory DNS Simplified.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
The hitch hikers guide to cyberspace. Tool to cut down on the need to remember numbers in place of words.
System Administration(SAD622S) Name of Presenter: Shadreck Chitauro Lecturer 18 July 2016 Faculty of Computing and Informatics.
VitaScan Online Calibration
Penetration Test Debrief
Penetration Test Debrief
Welcome to the Credit Hours System
MEC /16/ :53 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Welcome and thank you for choosing SharkGate
SHFC Message Board.
Volunteer & Teacher Online Registration
Allocating IP Addressing by Using Dynamic Host Configuration Protocol
This is the Sign In page for the Dashboard
Business Owner – Registration Process
6. Application Software Security
Step 1: Choose your Level
Presentation transcript:

Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013

2 What Is An Open DNS Resolver? Probe Target Auth query (no reply) Probe Target Auth query reply Probe Target Auth query reply Probe Target Auth query reply query (no reply) reply query ✖ No ✔ Yes ✖ No Duane’s definition: An Open Resolver is a DNS server which accepts queries from outside of its administrative domain and attempts to resolve the query by forwarding it to other name servers.

3 Recent increased awareness of open resolvers thanks to record-breaking DDoS attacks and Jared’s Open DNS Resolver Project Other Surveys/data by: Team Cymru The Measurement Factory Open Resolver Awareness

4 Updated on surveyor’s schedule Want to provide data to address space owners, but keep it away from the bad guys TMF selects addresses from whois data and handles other inquiries manually. Cymru always validates manually? openresolverproject limits searches to IPv4 /22 and others validated manually. Surveyor might receive some abuse complaint s. IPv6 surveys unrealistic. Open Resolver Surveys

5 On the user’s schedule. Probes initiated by the user from addresses of their choosing. Offers some motivation to not scan other’s address space. IPv6 a possibility. The user knows which addresses are in use. But: no public pressure (shaming). Self-Service Scanning?

6 How Does It Work?

7 Register for an account. Create a “token” for some chunk of address space. Token valid for 7 days. Run the scanner tool. Sends queries to coded names in orscan.verisignlabs.com Authoritative name server validates and logs received queries. Authoritative name server does not reply! Login to view scan results. Overview

8 Identify an instance of a scan Some crypto to prevent simple spoofing Time-limited (one week) to prevent replays Restrict the scope of scanning IPv4 /8 IPv6 /64 Why Tokens?

9 Step-by-Step Example

10 Login

11 Create a Token

12 Run the Scan

13 Check Results

14 Detailed Results

15 Feedback Welcomed!

Thank You © 2013 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.