Characterizing Dark DNS Behavior
|
|
|
- Jeffrey Fields
- 5 years ago
- Views:
Transcription
1 Characterizing Dark DNS Behavior Jon Oberheide*, Manish Karir, Z. Morley Mao*, Farnam Jahanian* *University of Michigan Merit Network, Inc. DIMVA 2007 July 12, 2007
2 Presentation Summary Sell/short/don't fly NWA ;-) Implications of darknet sensor evasion via DNS PTR reconnaissance Define dark DNS and breakdown collected dark DNS activity Introduce honeydns tool to complement darknet deployments Slide #2 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
3 Darknet Monitoring Darknet sensors AKA honeypots, honeynet, telescopes, etc Monitor unused IP address space Slide #3 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
4 Darknet Evasion Researcher's goals: Gather threat intelligence Avoid sensor fingerprinting Maintain attack visibility Attacker's goals: Evade monitored address space Avoid tripping IDS alerts Conceal attack techniques Attack live, high-value targets Slide #4 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
5 DNS Reconnaissance The Domain Name System (DNS) Provides lucrative characteristics Extensive source of information Recursive queries -> Source cloaking Authoritative servers -> Out-of-band queries DNS PTR queries Translate IP address to hostname Potential for large-scale reconnaissance Live targets likely to have associated hostnames Scanning target range with mass PTR querying Slide #5 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
6 PTR Query Example Slide #6 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
7 PTR Reconnaissance Feasibility Sensors frequently improperly deployed Lacking proper reverse DNS delegation Ex: large-scale, distributed darknet sensor system >17 million routable addresses PTR recon evaded % of address space Distribution of legitimate hosts with PTRs 24 hours of NetFlow from regional provider ~1.2 million unique IPs involved in TCP flows ~981k have valid PTR records (79.43%) PTR reconnaissance is feasible Slide #7 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
8 Improperly Delegated Slide #8 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
9 Properly Delegated Slide #9 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
10 Dark DNS Current darknet sensors: Dark DNS: Goals: Only analyze traffic targeted at monitored addresses and fail to consider OOB probes about addresses. Inquiries about dark address space via PTR queries performed in the DNS namespace. - Explore characteristics of dark DNS activity collected via authoritative monitoring infrastructure - Improve ability of sensors to prevent PTR reconnaissance via lightweight honeydns tool Slide #10 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
11 Measurement Datasets Delegated reverse authority for two class B darknets Monitored and collected dark DNS activity 3 Response Types No Response (NR) baseline NXDOMAIN (NX) non-existent domain Valid Response (VR) spoofed PTR reply host-a-b-c-d.merit.edu for IP address a.b.c.d Collection Period Week of collection for each darknet and response type Slide #11 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
12 Dataset Characteristics Categories of dark DNS Misconfiguration DDoS backscatter Legitimate PTR mapping Malicious reconnaissance Slide #12 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
13 Query Rate mini-spikes Consistent flow of dark DNS activity Slide #13 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
14 Query Targets mini-spikes Query targets evenly distributed across subnet Slide #14 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
15 Query Sources New query sources continually observed 10% hosts -> 75% queries 50% hosts -> 95% queries Slide #15 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
16 Query Sources Slide #16 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
17 Akamai Mapping 11 distinct, distributed Akamai-deployed hosts Large source of PTR queries Network locality mapping Anomalous event Steady (~100/min) Crash (0/min) Spike (~1000/min) Crash (0/min) Slide #17 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
18 Discussion Measurements results Significant amount of dark DNS traffic observed Large number of originating networks/hosts Verified mapping and scanning activity Non-trivial random background activity Difficult to track and classify Return to reconnaissance issue How to prevent attackers from evading darknet sensors using PTR queries? Slide #18 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
19 Honeydns Honeydns tool Lightweight, flexible python daemon Simple authoritative DNS response functionality BIND unnecessarily complex for subset of required functionality Complementary to darknet deployments to prevent PTR reconnaissance Includes rudimentary alerting for scan detection Extensible for dynamic honeynet topologies and sampling Slide #19 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
20 Future Work Extent of reconnaissance by attackers Complicated discrimination between categories Mapping, backscatter, misconfigured, malicious activity Correlation of dark DNS with attack traffic Difficult due to recursive queries, source cloaking Amplified by availability of open resolvers Slide #20 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
21 Questions QUESTIONS??? Slide #21 Characterizing Dark DNS Behavior - DIMVA July 12, 2007
IPv6 Pollution Traffic Analysis
IPv6 Pollution Traffic Analysis Manish Karir (DHS S&T Cyber Security Division) Jake Czyz, Kyle Lady, Sam Miller, Michael Kallitsis, Michael Bailey (University of Michigan) Internet Pollu+on Darknet sensors
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery
The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery Evan Cooke *, Michael Bailey *, Farnam Jahanian *, Richard Mortier *University of Michigan Microsoft Research - 1 - NSDI 2006
Fast and Evasive Attacks: Highlighting the Challenges Ahead
Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling
Hotspots: The Root Causes of Non- Uniformity in Self-Propagating Malware
Hotspots: The Root Causes of Non- Uniformity in Self-Propagating Malware Evan Cooke, Z. Morley Mao, Farnam Jahanian *University of Michigan - 1 - DSN 2006 Self-Propagating Malware Worms & Botnets (Source:
Tracking Global Threats with the Internet Motion Sensor
Tracking Global Threats with the Internet Motion Sensor Michael Bailey & Evan Cooke University of Michigan Timothy Battles AT&T Danny McPherson Arbor Networks NANOG 32 September 7th, 2004 Introduction
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
The UCSD Network Telescope
The UCSD Network Telescope Colleen Shannon cshannon @ caida.org NSF CIED Site Visit November 22, 2004 UCSD CSE Motivation Blocking technologies for automated exploits is nascent and not widely deployed
Darknet Traffic Monitoring using Honeypot
Darknet Traffic Monitoring using Honeypot 1 Hemal khorasia, 2 Mr. Girish Khilari 1 IT Systems & Network Security, 1 Gujarat Technological University, Ahmedabad, India Abstract - A "Darknet" is a portion
Shedding Light on the Configuration of Dark Addresses
Shedding Light on the Configuration of Dark Addresses Sushant Sinha, Michael Bailey, and Farnam Jahanian Department of Electrical Engineering and Computer Science University of Michigan Ann Arbor, Michigan,
Demystifying Service Discovery: Implementing an Internet-Wide Scanner
Demystifying Service Discovery: Implementing an Internet-Wide Scanner Derek Leonard Joint work with Dmitri Loguinov Internet Research Lab Department of Computer Science and Engineering Texas A&M University,
Are You Fully Prepared to Withstand DNS Attacks?
WHITE PAPER Are You Fully Prepared to Withstand DNS Attacks? Fortifying Mission-Critical DNS Infrastructure Are You Fully Prepared to Withstand DNS Attacks? Fortifying Mission-Critical DNS Infrastructure
Security activities in Japan towards the future standardization. Cybersecurity
Security activities in Japan towards the future standardization Side Event Cybersecurity Koji NAKAO KDDI, Japan Content Current threats - Internet User in Japan - However, observation of many scans (by
Understanding IPv6 Internet Background Radia6on
Understanding IPv6 Internet Background Radia6on Jakub Czyz*, Kyle Lady*, Sam Miller*, Michael Kallitsis, Manish Karir, Michael Bailey* *University of Michigan Merit Network Dept. of Homeland Security S&T
3-4 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks
3-4 DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks Mio SUZUKI, Koei SUZUKI, Yaichiro TAKAGI, and Ryoichi ISAWA In a regular organization, major approach
Basic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
Firewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
JPCERT/CC Internet Threat Monitoring Report [July 1, September 30, 2016]
![JPCERT/CC Internet Threat Monitoring Report [July 1, September 30, 2016]](/thumbs/90/104442060.jpg "JPCERT/CC Internet Threat Monitoring Report [July 1, September 30, 2016]")
JPCERT-IA-2016-03 Issued: 2016-11-16 JPCERT/CC Internet Threat Monitoring Report [July 1, 2016 - September 30, 2016] 1 Overview JPCERT/CC has placed multiple sensors across the Internet for monitoring
Re-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist
Re-engineering the DNS One Resolver at a Time Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist 1 In this presentation I ll talk about the DNS, and the root server infrastructure
On the Effectiveness of Distributed Worm Monitoring
On the Effectiveness of Distributed Worm Monitoring Moheeb Abu Rajab Fabian Monrose Andreas Terzis Computer Science Department Johns Hopkins University 1 Monitoring Internet Threats Threat monitoring techniques:
«On the Internet, nobody knows you are a dog» Twenty years later
«On the Internet, nobody knows you are a dog» Twenty years later This lecture is about identity and authenticity, but also other security properties. It is largely about the Internet, but some of this
Intrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
Toward Understanding Distributed Blackhole Placement
Toward Understanding Distributed Blackhole Placement Evan Cooke, Michael Bailey, Z. Morley Mao, David Watson, Farnam Jahanian University of Michigan {emcooke, mibailey, zmao, dwatson, farnam}@umich.edu
Network Policy Enforcement
CHAPTER 6 Baseline network policy enforcement is primarily concerned with ensuring that traffic entering a network conforms to the network policy, including the IP address range and traffic types. Anomalous
OpenFire: Opening Networks to Reduce Network Attacks on Legitimate Services
OpenFire: Opening Networks to Reduce Network Attacks on Legitimate Services Kevin Borders, Laura Falk, and Atul Prakash Department of EECS, University of Michigan, Ann Arbor, MI 48109 {kborders,laura,aprakash}@eecs.umich.edu
AMP-Based Flow Collection. Greg Virgin - RedJack
AMP-Based Flow Collection Greg Virgin - RedJack AMP- Based Flow Collection AMP - Analytic Metadata Producer : Patented US Government flow / metadata producer AMP generates data including Flows Host metadata
Intelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS
DATA SHEET THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS LUMETA SPECTRE FOR 100% REAL-TIME INFRASTRUCTURE VISIBILITY, REAL-TIME NETWORK CHANGE MONITORING AND THREAT DETECTION FOR PREVENTING SUCCESSFUL
Compare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
(DNS, and DNSSEC and DDOS) Geoff Huston APNIC
D* (DNS, and DNSSEC and DDOS) Geoff Huston APNIC How to be bad 2 How to be bad Host and application-based exploits abound And are not going away anytime soon! And there are attacks on the Internet infrastructure
COMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based
Attackers Process. Compromise the Root of the Domain Network: Active Directory
Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH
Network Defense Applications Using Stationary and Event-Driven IP Sinkholes
Network Defense Applications Using Stationary and Event-Driven IP Sinkholes Defeating Denial of Service, Decreasing False Positives, and Enriching Network Intelligence using IP Sinkholes What this presentation
CloudAV. Malware Analysis in the Network Cloud. Jon Oberheide. University of Michigan. June 12, 2008 MMC '08
- CloudAV Malware Analysis in the Network Cloud Jon Oberheide University of Michigan June 12, 2008 MMC '08 Introduction Jon Oberheide Advisor: Farnam Jahanian 2nd year PhD at U of M (BS, MS) Research Slide
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
Battle between hackers and machine learning. Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019
Battle between hackers and machine learning Alexey Lukatsky Cybersecurity Business Consultant April 03, 2019 Google: facts and numbers Real Cisco Big Data for Security Training Set Why is Machine Learning
Backscatter A viable tool for threat of the past and today. Barry Raveendran Greene March 04, 2009
Backscatter A viable tool for threat of the past and today Barry Raveendran Greene March 04, 2009 bgreene@senki.org Agenda Backscatter: What is it? VzB s use with the Backscatter Traceback Technique. Using
Mapping Internet Sensors with Probe Response Attacks
Mapping Internet Sensors with Probe Response Attacks Computer Sciences Department University of Wisconsin, Madison Introduction Outline Background Example Attack Introduction to the Attack Basic Probe
CE Advanced Network Security Botnets
CE 817 - Advanced Network Security Botnets Lecture 11 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
DNS Security. *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi
DNS Security *http://compsec101.antibozo.net/pa pers/dnssec/dnssec.html 1 IT352 Network Security Najwa AlGhamdi Introduction The DNS provides a mechanism that resolves Internet host names into IP addresses
DNS Authentication-as-a-Service Preventing Amplification Attacks
DNS Authentication-as-a-Service Preventing Amplification Attacks Amir Herzberg Bar-Ilan University Haya Shulman Technische Universität Darmstadt Denial of Service Attacks: Statistics Reported bandwidths
CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
Attacks on DNS: Risks of Caching
Attacks on DNS: Risks of Caching CS 161: Computer Security Prof. David Wagner March 30, 2016 Today Midterm 2 grades available Reminder: Start Project 2, Part 2! Today, DNS: protocol for mapping hostnames
DOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
Mapping Internet Sensors with Probe Response Attacks
Mapping Internet Sensors with Probe Response Attacks John Bethencourt, Jason Franklin, and Mary Vernon {bethenco, jfrankli, vernon}@cs.wisc.edu Computer Sciences Department University of Wisconsin, Madison
snoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
Security Whitepaper. DNS Resource Exhaustion
DNS Resource Exhaustion Arlyn Johns October, 2014 DNS is Emerging as a Desirable Target for Malicious Actors The current threat landscape is complex, rapidly expanding and advancing in sophistication.
Application Notes for Mirage Networks CounterPoint in an Avaya IP Telephony Infrastructure Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Mirage Networks CounterPoint in an Avaya IP Telephony Infrastructure Issue 1.0 Abstract These Application Notes describe a configuration
HP0-Y16. ProCurve Network Immunity Solutions. Download Full Version :
HP HP0-Y16 ProCurve Network Immunity Solutions Download Full Version : http://killexams.com/pass4sure/exam-detail/hp0-y16 Which challenges does a unified NIM + IDS deployment meet? (Select two.) A. Reducing
Honeynets and Darknets. What good are they?
Honeynets and Darknets What good are they? Presented by 11:20-11:50am Friday, November 14th, 2008 and Aidan Carty HEAnet 1 Content Introduction and Overview Honeynet activities at ITB Honeynet activities
Cisco Cloud Security. How to Protect Business to Support Digital Transformation
Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,
The DNS of Things. A. 2001:19b8:10 1:2::f5f5:1d Q. WHERE IS Peter Silva Sr. Technical Marketing
The DNS of Things Peter Silva Sr. Technical Marketing Manager @psilvas Q. WHERE IS WWW.F5.COM? A. 2001:19b8:10 1:2::f5f5:1d Advanced threats Software defined everything SDDC/Cloud Internet of Things Mobility
Large-scale DNS. Hot Topics/An Analysis of Anomalous Queries
Large-scale DNS Caching Servers Hot Topics/An Analysis of Anomalous Queries Shintaro NAKAGAMI, Tsuyoshi TOYONO Keisuke ISHIBASHI, Haruhiko NISHIDA, and Haruhiko OHSHIMA NTT Communications, OCN NTT Laboratories
How to Configure IPS Policies
IPS policies control the behavior of the IPS when an attack is detected. You can define multiple IPS policies and apply them to individual firewall rules as needed. In this article: Default IPS Policy
CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100
You should worry if you are below this point Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /0 * 100 o Optimistic: (Your
August 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
Enterprise Situational Intelligence
DATA SHEET Enterprise Situational Intelligence You can attain a real-time, authoritative view of your network infrastructure using Lumeta ESI. Running in an always-on mode, ESI delivers network indexing,
Overview of nicter - R&D project against Cyber Attacks in Japan -
Overview of nicter - R&D project against Cyber Attacks in Japan - Daisuke INOUE Cybersecurity Laboratory Network Security Research Institute (NSRI) National Institute of Information and Communications
Radware DefensePro DDoS Mitigation Release Notes Software Version Last Updated: December, 2017
Radware DefensePro DDoS Mitigation Release Notes Software Version 8.13.01 Last Updated: December, 2017 2017 Cisco Radware. All rights reserved. This document is Cisco Public. Page 1 of 9 TABLE OF CONTENTS
DDoS Managed Security Services Playbook
FIRST LINE OF DEFENSE DDoS Managed Security Services Playbook INTRODUCTION Distributed Denial of Service (DDoS) attacks are major threats to your network, your customers and your reputation. They can also
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical
Port Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
Chapter 2 Malicious Networks for DDoS Attacks
Chapter 2 Malicious Networks for DDoS Attacks Abstract In this chapter, we explore botnet, the engine of DDoS attacks, in cyberspace. We focus on two recent techniques that hackers are using to sustain
Overview. Last Lecture. This Lecture. Next Lecture. Scheduled tasks and log management. DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly
Last Lecture Overview Scheduled tasks and log management This Lecture DNS and BIND Reference: DNS and BIND, 4 th Edition, O Reilly Next Lecture Address assignment (DHCP) TELE 301 Lecture 11: DNS 1 TELE
An study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets.
An study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets. Ignus van Zyl 1 Statement of problem Network telescopes
Leurré.com. a worldwide distributed platform to study Internet threats. Deployed and Managed by The Eurecom Institute
Leurré.com com: a worldwide distributed platform to study Internet threats Deployed and Managed by The Eurecom Institute (teaching and research institute located on the French Riviera) Contact Point: dacier@eurecom.fr
Multipot: A More Potent Variant of Evil Twin
Multipot: A More Potent Variant of Evil Twin K. N. Gopinath Senior Wireless Security Researcher and Senior Engineering Manager AirTight Networks http://www.airtightnetworks.net Email: gopinath.kn@airtightnetworks.net
Chapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
Identify and Lock down 100% of your Leaks. Detect Suspicious Network Behaviors
DATA SHEET REAL-TIME CYBER SITUATIONAL AWARENESS FOR IOT AND ICS LUMETA SPECTRE FOR THE INTERNET OF THINGS (IOT) AND INDUSTRIAL CONTROL SYSTEMS (ICS) IS THE ONLY SOLUTION TO DELIVER 100% REAL-TIME INFRASTRUCTURE
This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.
EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different
Multidimensional Investigation of Source Port 0 Probing
DIGITAL FORENSIC RESEARCH CONFERENCE Multidimensional Investigation of Source Port 0 Probing By Elias Bou-Harb, Nour-Eddine Lakhdari, Hamad Binsalleeh and Mourad Debbabi Presented At The Digital Forensic
Distributed Summary Statistics with Bro. Vlad Grigorescu
Distributed Summary Statistics with Bro Vlad Grigorescu 1 > whoami Member of the Bro development team Senior Developer at Broala LLC Senior Information Security Engineer at Carnegie Mellon University https://github.com/grigorescu
On the State of the Inter-domain and Intra-domain Routing Security
On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
Security Issues In Mobile IP
Security Issues In Mobile IP Zhang Chao Tsinghua University Electronic Engineering 1 OUTLINE 1.Introduction 2.Typical threats 3. Mobile IPv6 and new threats 4.Open issues 2 OUTLINE 1.Introduction 2.Typical
1. Intrusion Detection and Prevention Systems
1. Intrusion Detection and Prevention Systems Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which
Internet-Wide Port Scanners Some history behind the development of high performance port scanners. Things to consider, and necessary preparations
Internet-Wide Port Scanners Some history behind the development of high performance port scanners. Things to consider, and necessary preparations before using these tools. Internet Vulnerability masscan,
A Characterization of IPv6 Network Security Policy
Don t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy Jakub (Jake) Czyz, University of Michigan & QuadMetrics, Inc. Matthew Luckie, University of Waikato Mark Allman, International
Internet Engineering Task Force (IETF) Category: Informational. Swinburne University of Technology September 2010
Internet Engineering Task Force (IETF) F. Baker Request for Comments: 6018 Cisco Systems Category: Informational W. Harrop ISSN: 2070-1721 G. Armitage Swinburne University of Technology September 2010
Security Considerations for IPv6 Networks. Yannis Nikolopoulos
Security Considerations for IPv6 Networks Yannis Nikolopoulos yanodd@otenet.gr Ημερίδα Ενημέρωσης Χρηστών για την Τεχνολογία IPv6 - Αθήνα, 25 Μαίου 2011 Agenda Introduction Major Features in IPv6 IPv6
SAMPLE REPORTS. Infoblox Reporting and Analytics Infoblox Reporting and Analytics Sample Report Book
SAMPLE REPORTS Infoblox Reporting and Analytics Infoblox Reporting and Analytics Sample Report Book 1 INFOBLOX REPORTING AND ANALYTICS OVERVIEW... 5 2 HOME DASHBOARDS AND PREDICTIVE REPORTS... 6 2.1 HOME
Pope: Infrastructure for DNS Scanning
: Infrastructure for DNS Scanning 1 David Dagon 1 Luo Daniel Xiapu 1 1 {manos@cc,dagon@cc,xluo7@mail}.gatech.edu Georgia Institute of Technology Information Security Center Atlanta, Georgia OARC 2009 -
ETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
Beyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
Check Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam
Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION
ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016
Networks and Communication Department NET 412 NETWORK SECURITY PROTOCOLS Lecture 7: DNS Security 2 Outline Part I: DNS Overview of DNS DNS Components DNS Transactions Attack on DNS Part II: DNS Security
DarkNOC. Dashboard for Honeypot Management
DarkNOC Dashboard for Honeypot Management Bertrand Sobesto(1), Michel Cukier(1), Ma9 Hiltunen(2), David Kormann(2), Gregory Vesonder(2), Robin Berthier(3) (1) University of Maryland, (2) AT&T Labs- Research,
THE UTILITY OF DNS TRAFFIC MANAGEMENT
SECURITY SERVICES WHITE PAPER THE UTILITY OF DNS TRAFFIC MANAGEMENT TABLE OF CONTENTS 2 ABOUT DNS 3 DNS TRAFFIC MANAGEMENT 4 MONITORING AND FAILOVER 5 TRAFFIC MANAGEMENT MONITORING PROBES 6 GLOBAL LOAD
Chapter 11: Networks
Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors
Denial of Service and Distributed Denial of Service Attacks
Denial of Service and Distributed Denial of Service Attacks Objectives: 1. To understand denial of service and distributed denial of service. 2. To take a glance about DoS techniques. Distributed denial
Day In The Life of the Internet 2008 Data Collection Event.
Day In The Life of the Internet 2008 Data Collection Event http://www.caida.org/projects/ditl Duane Wessels The Measurement Factory/CAIDA k claffy CAIDA NANOG 42 February 19, 2008 NANOG 42 0 The Measurement
The Reconnaissance Phase
The Reconnaissance Phase Detecting the Enemy Before the Attack Carrie Gates PhD Candidate, Dalhousie University Visiting Scientist, CERT, Carnegie Mellon University Outline! Indicate a gap in our defences!
Improving DNS Security and Resiliency. Carlos Vicente Network Startup Resource Center
Improving DNS Security and Resiliency Carlos Vicente Network Startup Resource Center Threats to DNS Server crashes Server compromise Denial of service attacks Amplification attacks Cache poisoning Targeted
"Dark" Traffic in Network /8
"Dark" Traffic in Network 49.0.0.0/8 September 2010 Geoff Huston George Michaelson APNIC R&D research@apnic.net APNIC is now regularly examining the unused state of IPv4 address blocks before they are