Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passive DNS Evolution presented by April Lorenzen.

Published byMagnus Walton Modified over 8 years ago

Similar presentations

Presentation on theme: "Passive DNS Evolution presented by April Lorenzen."— Presentation transcript:

1 Passive DNS Evolution presented by April Lorenzen

2 What is Passive DNS? ● DNS questions and answers are logged ● The collector doesn't decide what question is asked ● The collector passively collects the answers to DNS questions that are asked in the course of various general internet use ● Collected data is used for research purposes

3 Privacy? ● A passive DNS collector doesn't need to collect who asked the question Example of data collected Question: www.ISC.orgwww.ISC.org Answer: 204.152.184.88 ● Is this publically available operational info?

4 Mining Passive DNS Data ● Discover some types of malicious activity ● Estimate technology adoption rates ● Observe the extent of DNS server configuration errors ● Academic research ● Law enforcement research

5 Successful Passive DNS Projects ● Florian Weimer's “Passive DNS Replication” project has been gathering data since 2004: ● http://www.enyo.de/fw/software/dnslogger/ ● RUS-CERT has a limited public web interface for searching passive DNS data: ● http://cert.uni-stuttgart.de/stats/dns-replication.php

6 Current Uses of Florian's PDR ● Researchers look up resources used by a known malicious domain or IP ● Uncover related domains and IP addresses that are otherwise invisible ● Effective for discovering more about some phishing / malware / virus propagation ● Anti-spam research

7 ISC Passive DNS Collector Project Status ● Will provide non-public data to OARC members ● Expects to have a large number of collector contributor sites ● Test the alpha research interface here: ● http://outboundindex.net/geo/pd.cfm

8 Search Interface Screenshot

9 Next Steps for ISC ● Scale up the ISC Passive DNS collector project ● More data, permanent web address for OARC members ● Continue improving searchability and speed as the data grows in size ● Listen to your feedback

10 Next Steps for You ● Use the alpha Passive DNS research tool and provide constructive feedback ● Contact ISC.org to become a collector site ● Software for collector contributors will be on the OARC server with the DSC software and various shell script helpers

Download ppt "Passive DNS Evolution presented by April Lorenzen."

Similar presentations

Protecting the irreplaceable | f-secure.com Internet threat monitoring and reporting service Idar Kvernevik Senior Researcher, Network Security Security.

Protecting the irreplaceable | f-secure.com Internet threat monitoring and reporting service Idar Kvernevik Senior Researcher, Network Security Security.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Exchange Pre-Deployment Analyzer - ExPDA www.microsoft.com/downloads/details.aspx?FamilyID=88b304e7-9912-4cb0- 8ead-7479dab1abf2&displaylang=en.

Exchange Pre-Deployment Analyzer - ExPDA 8ead-7479dab1abf2&displaylang=en.
 Mary Jane Heider ◦ Director, Academic Computing ◦  Judie Littlejohn ◦ Online Learning ◦

 Mary Jane Heider ◦ Director, Academic Computing ◦  Judie Littlejohn ◦ Online Learning ◦
Metadata Understanding the Value and Importance of Proper Data Documentation Exercise 2 Reading a Metadata File Exercise 3 Using the Workbook Exercise.

Metadata Understanding the Value and Importance of Proper Data Documentation Exercise 2 Reading a Metadata File Exercise 3 Using the Workbook Exercise.
Update report on GNSO- requested Whois studies Liz Gasster Senior Policy Counselor 7–12 March 2010.

Update report on GNSO- requested Whois studies Liz Gasster Senior Policy Counselor 7–12 March 2010.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?
The Internet  Internet Hardware connected together Creates a massive worldwide network  Hardware Computers Communication lines  Interlinked collection.

The Internet  Internet Hardware connected together Creates a massive worldwide network  Hardware Computers Communication lines  Interlinked collection.
Public Domain Clearinghouse N ATIONAL F ORUM ON E DUCATION S TATISTICS.

Public Domain Clearinghouse N ATIONAL F ORUM ON E DUCATION S TATISTICS.
Creating a Web Site. What is a web site? A web site is any collection of one or more web pages—single files that can be displayed on the World Wide Web.

Creating a Web Site. What is a web site? A web site is any collection of one or more web pages—single files that can be displayed on the World Wide Web.
HOW I SURVIVED AIST2330 AND LEARNED TO LOVE SERVER ADMIN Fall 2015 Edition.

HOW I SURVIVED AIST2330 AND LEARNED TO LOVE SERVER ADMIN Fall 2015 Edition.
Wil Haywood Rossana Bua Rhishi Katoch Kelvyn Araujo-Valdez Steve Kim.

Wil Haywood Rossana Bua Rhishi Katoch Kelvyn Araujo-Valdez Steve Kim.
Introduction1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching,

Introduction1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit switching,
Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?

Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?
1 Thinking How often do you use the internet? For what purposes to you use the internet the most? 2 Web Search What is the internet? When did.

1 Thinking How often do you use the internet? For what purposes to you use the internet the most? 2 Web Search What is the internet? When did.
 Internet Hardware connected together Creates a massive worldwide network  Hardware Computers Communication lines  Interlinked collection of smaller.

 Internet Hardware connected together Creates a massive worldwide network  Hardware Computers Communication lines  Interlinked collection of smaller.
Swiss NREN protection with DNS RPZ

Swiss NREN protection with DNS RPZ

Similar presentations

Ads by Google