Tag: dns
-
VB2019 paper: DNS on fire
The “phonebook of the Internet” has well outlived physical phonebooks, but that doesn’t mean DNS is without its issues. There is a joke among incident responders that, even when you’re sure the problem isn’t DNS, it still ends up being DNS. Aside from configuration issues, DNS is also a very valuable target for adversaries. In…
-
Expired domain led to SpamCannibal’s blacklist eating the whole world
The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender’s IP address (and sometimes their domain) is listed as a known spammer. As the name suggests, a DNS blacklist is queried over DNS: to do a lookup for the IP address 1.2.3.4…
-
$150k in cryptocurrency stolen through combined BGP-DNS hijack
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP hijacks – in which a malicious attacker essentially takes over one or more ranges of IP addresses – are not extremely common, but for a protocol…
-
Attack on Fox-IT shows how a DNS hijack can break multiple layers of security
Every company will, sooner or later, get hacked and we should judge them by how they respond. With that in mind, Fox-IT, which writes in great detail about how a DNS hijack was used to man-in-the-middle its customer portal, should be judged favourably. The company’s report on the incident also provides some important lessons,…
-
VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change the domain names, and often also the IP addresses they use, thus trying to stay one step ahead of the defenders. Enter big data: infected devices…
-
VB2017 preview: BPH exposed – RBN never left they just adapted and evolved. Did you?
Running a cybercriminal enterprise isn’t all that easy. Try, for instance, setting up a site hosting malware and you’ll find that sooner or later the provider will suspend your account. Enter bulletproof hosting (BPH): hosting targeted at cybercriminals with the explicit goal of being invulnerable to takedown requests. Though the most infamous BPH operation, the Russian…