• Aucun résultat trouvé

DNS and Security?

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "DNS and Security?"

Copied!
9
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

Passive DNS

Using the DNS for fun and profit

Alexandre Dulaunoy

January 25, 2013

(2)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A Domain Name Space and Structure

Domain Name Space and Structure 1/3

The domain name space is structured in a tree.

The DNS root zone is at the top and provide information on how to reach top-level domains (ccTLD, gTLD).

Security is limited and DNSSEC is not currently largely deployed.

(3)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A Name Servers Roles

Name Servers Roles 2/3

Authoritative name server

Give answers about domain name configured by the local name administrator.

Recursive and caching name server

They recursively lookup domains by querying and caching to/from authoritative name server.

It’s recommended to keep separated the authoritative name server from the recursive name server.

(4)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A DNS Protocol

DNS Protocol 3/3

DNS uses UDP or TCP over port 53. The core element for the DNS procotol is the RR (Resource Record). Each record is composed of various fields: NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA.

(5)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

DNS and Security?

Everyone relies on DNS on Internet even malware.

Can we monitor DNS passively to discover malware infection or limiting its impact?

First passive DNS implemented in 2004 by Florian Weimer.

Discovering of malware fast-flux domains, malicious domains/IP, hijacked domains...

Privacy is critical when doing passive DNS.

(6)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

DNS and Security - Quick Workshop

From simple DNS monitoring to dnscap (https://github.com/adulau/dnscap).

Can you use the DNS queries/answers for network forensic analysis?

How to abuse DNS? DNS (cache, query) poisoning.

DGA? fast-flux? how are those techniques used by malware?

(7)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

dnscap - how to use it

dnscap -g -i eth0 →dump decode queries/answers for DNS dnscap -g -i eth0 -s r → dump DNS answers only

(8)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

Bibliography

DNS and BIND, Fifth Edition, Cricket Liu, Paul Albitz.

Passive Monitoring of DNS Anomalies, Bojan Zdrnja, Nevil Brownlee, and Duane Wessels.

(9)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop dnscap Bibliography Q and A

Q and A

Thanks for listening.

[email protected]

Références

Télécharger maintenant ( PDF - 9 Page - 163.40 KB )

Documents relatifs

Megacities structure and water security: Past and future

Introduction Megacities structure Looking backward Looking ahead Implication for Utilities.. Megacities Structure and

DNS and Security?

DNS and Security - Quick Workshop Bibliography Q and A Domain Name Space and Structure.. Domain Name Space and

DNS and Security?

JSON String or an array of string if more than one unique triple time first : first time that the resource record triple (rrname, rrtype, rdata) was seen. time last : last time that

Introduction This memo provides some information on the structure of the names in the Domain Name System (DNS), specifically the top-level domain names

In the case of top-level domains that are country codes this means that there is a manager that supervises the domain names and operates the domain name system in

This includes the steps and operations necessary for address space allocation and registration, routing database registration, and domain name registration

The Internet Assigned Numbers Authority (IANA) allocates large address blocks to the three current Regional Internet Registries (IRs): ARIN, APNIC, and RIPE NCC which, in

Abstract This document reviews the original function and purpose of the domain name system (DNS)

Such systems are few in the world today, but the number can reasonably be expected to rise as the Internet is increasingly used by populations whose primary concern is

it describes several ways that a DNS client can use an authentication domain name to authenticate a (D)TLS connection to a DNS server

DNS clients that issue queries under an Opportunistic Privacy profile and that know authentication information for a given privacy-enabling DNS server SHOULD try to

Domain Name System (DNS) Tunneling Detection using Structured Occurrence Nets (SONs)

Another interesting point is that, in (4) in Table 6, there is a False Positive, which means the algorithm detected 9.4% of the normal packets as attack packets; after inves-