• Aucun résultat trouvé

How to build a scalable passive DNS using a key/value data structure ”designed” in 5 minutes Alexandre Dulaunoy February 17, 2012

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "How to build a scalable passive DNS using a key/value data structure ”designed” in 5 minutes Alexandre Dulaunoy February 17, 2012"

Copied!
5
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

How to build a scalable passive DNS

using a key/value data structure ”designed” in 5 minutes

Alexandre Dulaunoy

February 17, 2012

(2)

DNS and Security?

Everyone relies on DNS on Internet and often your friendly malware

Can we monitor passively DNS to discover malware infection or limiting its impact?

First passive DNS implemented in 2004 by Florian Weimer

Discovering of malware fast-flux domains, malicious domains/IP, hijacked domains...

Privacy and DNS don’t mixup very well (in other words, it sucks)

What are the changes of a DNS record over time?

(3)

The 5 minutes ”design”

I’m lazy, the dirty job of DNS decoding is done by ISC dnscap tool

I hate slow disk access, the database must stay in memory

I hate large piece of code, the implementation must be modular and having less than 5K LOC (↓trash and rewrite cost)

I hate those bloody legal documents, we keep only the DNS answers (no queries or source IP addresses stored)

(4)

A sample DNS answer

(5)

The 5 minutes Redis data structure

Références

Télécharger maintenant ( PDF - 5 Page - 140.37 KB )

Documents relatifs

DNS and Security?

DNS and Security - Quick Workshop Bibliography Q and A Domain Name Space and Structure.. Domain Name Space and

Redis - a Flexible Key/Value Datastore An Introduction Alexandre Dulaunoy February 17, 2012

• Redis is key store written in C with an extended set of data types like lists, sets, ranked sets, hashes, queues. • Redis is usually in memory with persistence achieved by

DNS and Security?

DNS and Security - Quick Workshop dnscap Bibliography Q and A Domain Name Space and Structure.. Domain Name Space and

Passive DNS Using the DNS for fun and profit Alexandre Dulaunoy March 4, 2016

JSON String or an array of string if more than one unique triple time first : first time that the resource record triple (rrname, rrtype, rdata) was seen. time last : last time that

The Limits of Using FrameNet Frames to Build a Legal Ontology

Some frames in FrameNet found an equivalent frame in Brazilian legal system, with lexical units presenting equivalents in Portuguese, correspondence between the American

Computational Linguistics Against Hate: Hate Speech Detection and Visualization on Social Media in the "Contro L’Odio" Project

a lexicon developed within the project (Lingia- rdi et al., 2019) has been exploited to provide a fine-grained classification of the nature of the hate speeches posted by the users

Hate Me, Hate Me Not: Hate Speech Detection on Facebook

• we design and develop the first hate speech classifier for the Italian language and we com- pare two different approaches based on state-of-the-art learning algorithms for

Legal responses to racial hate speech in Japan

In particular, given that the provisions of the International Convention on the Elimination of All Forms of Racial Discrimination to which Japan is a party and Article 14 of the