• Aucun résultat trouvé

DNS and Security?

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "DNS and Security?"

Copied!
8
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A

Passive DNS

Using the DNS for fun and profit

Alexandre Dulaunoy

February 26, 2011

(2)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A Domain Name Space and Structure

Domain Name Space and Structure 1/3

The domain name space is structured in a tree.

The DNS root zone is at the top and provide information on how to reach top-level domains (ccTLD, gTLD).

Security is limited and DNSSEC is not currently largely deployed.

(3)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A Name Servers Roles

Name Servers Roles 2/3

Authoritative name server

Give answers about domain name configured by the local name administrator.

Recursive and caching name server

They recursively lookup domains by querying and caching to/from authoritative name server.

It’s recommended to keep separated the authoritative name server from the recursive name server.

(4)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A DNS Protocol

DNS Protocol 3/3

DNS uses UDP or TCP over port 53. The core element for the DNS procotol is the RR (Resource Record). Each record is composed of various fields: NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA.

(5)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A

DNS and Security?

Everyone relies on DNS on Internet even malware.

Can we monitor DNS passively to discover malware infection or limiting its impact?

First passive DNS implemented in 2004 by Florian Weimer.

Discovering of malware fast-flux domains, malicious domains/IP, hijacked domains...

Privacy is critical when doing passive DNS.

(6)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A

DNS and Security - Quick Workshop

From simple DNS monitoring to dnscap (https://github.com/adulau/dnscap).

Can you use the DNS queries/answers for network forensic analysis?

How to abuse DNS? DNS (cache, query) poisoning.

(7)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A

Bibliography

DNS and BIND, Fifth Edition, Cricket Liu, Paul Albitz.

Passive Monitoring of DNS Anomalies, Bojan Zdrnja1 , Nevil Brownlee1 , and Duane Wessels2.

(8)

DNS protocol in 3 slides DNS and Security? DNS and Security - Quick Workshop Bibliography Q and A

Q and A

Thanks for listening.

[email protected]

Références

Télécharger maintenant ( PDF - 8 Page - 147.03 KB )

Documents relatifs

A U.D.G. _ U.R.P. INTERNO. OGGETTO: candidature di dipendenti civili a posti a status internazionale. Legge 27 luglio 1962 n.1114.

- Proven in-depth knowledge of UNIX security, Windows Operating Systems security, Internet security tools and policy, tools such as sendmail and Domain Name System (DNS), network

Policy-based management of the inter-domain communications security

In this work we will present a Dynamic Management Environment of the Inter- Domain Communications Security (DMEIDCS) which is based on the Ponder language [3] to specify security

Bypassing Secure Web Transactions via DNS Corruption

A Domain Name Service (DNS) is a common Internet protocol that allows a user to type the URL (name) of the destination into their browser (telnet, ftp, you name it program)

Security Models Lecture 1 Security Notions

Security Models Lecture 1 Security Notions Different Adversaries..

Préparation à la certification (ISC)² CISSP Rev. 2

DOMAIN 3 - INFORMATION SECURITY GOVERNANCE & RISK MANAGEMENT DOMAIN 4 - SOFTWARE DEVELOPMENT SECURITY.. DOMAIN 5

Savola CSC/FUNET April 2006 Operational Considerations and Issues with IPv6 DNS Status of This Memo This memo provides information for the Internet community

This memo presents operational considerations and issues with IPv6 Domain Name System (DNS), including a summary of special IPv6 addresses, documentation of known

These domains are intended to be resolved using non-public DNS servers that are only reachable through the IPsec connection

The INTERNAL_DNS_DOMAIN attribute type is used to convey that the specified DNS domain MUST be resolved using the provided DNS nameserver IP addresses as specified in

Utilisation d'alias du DNS pour les services réseau

Il est devenu de pratique courante d'utiliser des noms symboliques (habituellement des CNAME) dans le service des noms de domaines (DNS, Domain Name Service) [RFC1034],