Tag: dns
-
VB2017 preview: BPH exposed – RBN never left they just adapted and evolved. Did you?
Running a cybercriminal enterprise isn’t all that easy. Try, for instance, setting up a site hosting malware and you’ll find that sooner or later the provider will suspend your account. Enter bulletproof hosting (BPH): hosting targeted at cybercriminals with the explicit goal of being invulnerable to takedown requests. Though the most infamous BPH operation, the Russian…
-
VB2016 paper: Building a local passiveDNS capability for malware incident response
Anyone who has ever investigated a malware or phishing attack will know the feeling: “if only I could find out what IP address this domain pointed to when the attack took place”. If you’re tasked with performing incident response in your organisation, collecting passive DNS data is probably a good idea. One way to do this…
-
Let’s Encrypt certificate used in malvertising
We’d better get used to a world where malicious traffic is encrypted too. According to some people, myself included, Let’s Encrypt was one of the best things that happened to the Internet in 2015. Now that, as of December, the service is in public beta, anyone can register certificates for domains they own, in a…
-
VB2014 paper: Design to discover: security analytics with 3D visualization engine
Thibault Reuille and Dhia Mahjoub use DNS data to look for clusters of malicious domains. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Design to discover: security analytics with 3D visualization engine’ by…
-
VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Sweeping the IP space: the hunt for evil on the Internet’ by OpenDNS…
-
DNS cache poisoning used to steal emails
Call to use end-to-end encryption and to deploy DNSSEC. DNS is sometimes called ‘the phone book of the Internet’. If true, then it is a phone book that makes it relatively easy to be tricked into calling someone else. Whether it is through using social engineering to hijack a DNS account at a gullible registrar,…
-
Spamhaus CIO calls for those running open DNS resolvers to be fined
Open DNS resolvers instrumental in many DDoS attacks. At the Cyber Security Summit in London, Richard Cox, CIO of DNS blacklist provider Spamhaus, called on the UK government to issue fines to those running open DNS resolvers, PC Pro writes. Open DNS resolvers have become an important tool for those performing DDoS attacks.…
-
DNSSEC glitch causes .gov sites to become inaccessible
Name servers unable to distinguish faulty from rogue responses. A glitch at VeriSign yesterday led to DNSSEC-aware name servers being unable to verify responses on the .gov top-level domain (TLD), which in turn led to many users being unable to access services residing on a .gov domain. It wasn’t a good day for the Internet…