Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passive DNS at OARC Keith Mitchell, OARC Paul Vixie, ISC DNS Operations Meeting Chicago, 28 th Jul 2007.

Published byArchibald Rodgers Modified over 8 years ago

Similar presentations

Presentation on theme: "Passive DNS at OARC Keith Mitchell, OARC Paul Vixie, ISC DNS Operations Meeting Chicago, 28 th Jul 2007."— Presentation transcript:

1 Passive DNS at OARC Keith Mitchell, OARC Paul Vixie, ISC DNS Operations Meeting Chicago, 28 th Jul 2007

2 History ● Florian Weimar invented this concept ● Implementation in academia ● GNU ADA, Berkeley DB ● Sensors in European ISPs & Universities ● Original intent: zone content recovery ● Used today by world wide LEO community ● “Inverse directory” & botnet hunting ● what names map to “this” address? ● when was “this” name first used and by whom? ● who has looked up “this” botnet C&C name?

3 Upcoming Alternatives ● April Lorenzen, sponsored by ISC ● Implemented in Perl & PostgreSQL on FreeBSD ● Uses NSF funded hardware (OARC) ● Text-y, emphasis is on web GUI ● Florian Weimar (redux) ● Wants to try SQL (vs. Berkeley DB) ● Strong non-text-y schema ● Emphasis on performance

4 Hazards of Decentralization ● Every new passive DNS effort has to solicit sensors (instrumented recursive NS) ● Due to ops+BW costs, no sensor can feed more than one passive DNS collector ● Thus, sensor population is bifurcated ➔ Perhaps a central solution is warranted?

5 Hazards of Commercialization ● Huge datamining opportunity in this dataset ● Ultimately, collectors could pay the sensors ● There might be some problems, though: ● National privacy laws ● ISP privacy policies ● Competitors getting hold of it ➔ Perhaps a trusted nonprofit could help?

6 OARC as a Framework ● Trusted nonprofit association ● Infrastructure for data sharing ● Administration for resource pooling ● Governance by membership ● Oversight by rootops ● ISC as secretariat ● Perfect vehicle for Passive DNS ?

7 Proposed Solution ● PCAP-based data capture tool (DNSCAP) ● can hide “personally identifiable information” ● Lightweight relationship for sensor operators ● simplified zero fee agreement ● exchange of security keys ● upload batches using SSH/SFTP ● Central collector operated for OARC by ISC ● anonymizes batches, rebroadcasts on a LAN ● each passive DNS project sits on that LAN

8 Business Model ● Central collector has a rebroadcast LAN ● might also offer the raw data on DVD-ROM ● can consider paying stipends to sensor operators ● Passive DNS projects connect to this LAN ● nonprofit/research projects pay low fee / no fee ● required to share collected data without fee/license ● commercial projects pay for rack, power, & port ● e.g. AV companies, search engines, etc ● strong contracts, with enforcement, for ethics ● No spamming, etc ● extracted data can be taken offsite ● ISC will transport but not transit “commercial” data

9 Business Plan ● Hardware: ● Sun X4500 storage engine ($35K) ● HP blade server ($50K) ● Personnel: ● tools person ($125K) ● ops person ($125K) ● half a manager ($75K) ● Recovery: ● scaled fee structure (based on company size) ● goal is to fully support Passive DNS as of Y2 ● with some left over for cross-subsidy, new ideas

Download ppt "Passive DNS at OARC Keith Mitchell, OARC Paul Vixie, ISC DNS Operations Meeting Chicago, 28 th Jul 2007."

Similar presentations

Spatial Data Infrastructure: Concepts and Components Geog 458: Map Sources and Errors March 6, 2006.

Spatial Data Infrastructure: Concepts and Components Geog 458: Map Sources and Errors March 6, 2006.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
ICS 541 - 01 (072)Database Systems: A Review1 Database Systems: A Review Dr. Muhammad Shafique.

ICS (072)Database Systems: A Review1 Database Systems: A Review Dr. Muhammad Shafique.
ICT and Civil ProtectionSenigallia, 18-19 June 2007 A Service-Oriented Middleware for EU Civil Protection cooperation Regione Marche.

ICT and Civil ProtectionSenigallia, June 2007 A Service-Oriented Middleware for EU Civil Protection cooperation Regione Marche.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.

Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
Based on last years lecture notes, used by Juha Takkinen.

Based on last years lecture notes, used by Juha Takkinen.
YNG Solutions Website Usability Review Prepared by Josepha Rood December 19, 2008.

YNG Solutions Website Usability Review Prepared by Josepha Rood December 19, 2008.
ENOG-7 27 May 2014 Moscow Marriott Grand Hotel, Moscow, Russia IPv6 Golden Networks Jeroen Massar, Farsight Security, Inc. A watchful eye.

ENOG-7 27 May 2014 Moscow Marriott Grand Hotel, Moscow, Russia IPv6 Golden Networks Jeroen Massar, Farsight Security, Inc. A watchful eye.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
New Task Group CRIS Architecture & Development Maximilian Stempfhuber RWTH Aachen University Library

New Task Group CRIS Architecture & Development Maximilian Stempfhuber RWTH Aachen University Library
ENAM ENAM - INFRA Project 2013.

ENAM ENAM - INFRA Project 2013.
Human-Computer Interface Course 5. ISPs and Internet connection.

Human-Computer Interface Course 5. ISPs and Internet connection.
Module Title? DBMS Introduction to Database Management System.

Module Title? DBMS Introduction to Database Management System.
Copyright 2004Connected Vehicle Trade Association™ 1 Connected Vehicle Stakeholders Map.

Copyright 2004Connected Vehicle Trade Association™ 1 Connected Vehicle Stakeholders Map.
Cybersecurity Coordination and Cooperation Colloquium (f41lf3st 2015) 17 June 2015 Tallinna Tehnickaülikool, Tallinn, Estonia IPv6 Golden Networks Jeroen.

Cybersecurity Coordination and Cooperation Colloquium (f41lf3st 2015) 17 June 2015 Tallinna Tehnickaülikool, Tallinn, Estonia IPv6 Golden Networks Jeroen.
Designing Active Directory for Security

Designing Active Directory for Security
OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.

OARC Status Keith Mitchell OARC Programme Manager Internet Systems Consortium OARC Workshop Seattle, 16 th Nov 2006.
Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.

Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.
1 Barriers to Enum What VoIP providers ask about Enum Dr. Dorgham Sisalem.

1 Barriers to Enum What VoIP providers ask about Enum Dr. Dorgham Sisalem.

Similar presentations

Ads by Google