SlideShare una empresa de Scribd logo

12 Years in DNS Security As a Defender

Bangladesh Network Operators Group
Bangladesh Network Operators Group

12 Years in DNS Security As a Defender

Internet
1 de 21
Descargar para leer sin conexión
12 Years in DNS Security As a Defender A. S. M. Shamim Reza bdNOG 15 Dhaka 09-12 December, 2022
[~]$whoami|– 12+ years worked at ISP – Chief Technology Officer, Pipeline Inc. – Community Trainer, APNIC @asmshamimreza on Linkedin @shamimrezasohag on Twitter
What is DNS? DNS Domain Name System Inventor Dr. Paul Mockapetris Year 1983 RFC 882 & 883 Port 53 TCP/UDP Place University of Southern California’s Information Sciences Institute “I designed the DNS so that the name- space could be anything you wanted it to be.” – Dr. Paul Mockapetris
How DNS Query Works?
Attacker likes DNS 91.3% of malware uses DNS in attacks 68% of Organization don't monitor DNS
Cyber Attacks on DNS Attacks using DNS Server Reflection Attack DNS Tunneling DGA Command & Control Attacks that Target DNS Server DDoS Recursive Query Attacks Cache Poisoning Attacks Buffer overflow Port Scan
Stat on 53 port – Bangladesh Listening IPs 64,576
Lets talk about the Journey
Observing DDoS Findings Mitigation Technique? Authoritative & Recursive service at the same system Separated them into different Hosts Service was running with Same OS and Bind service Migrated with BIND+CentOS & Unbound+FreeBSD Recursive resolver was Central Deployed IP Anycast for Recursive DNS in multiple region. Initial goal was to increase service availability
Observing DDoS – additional steps – OS installation was practice with Minimal ISO. – Allowed only required service port. – Practiced IP ACL on remote access at Host based firewall. – Imposed IP ACL on DNS service configuration. – Disabled service version exposer. – Automatic update on OS Kernel, packages and patches. – BIND configured with CHROOT.
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization Log File Category Definition: category default { default_file; }; category general { general_file; }; category database { database_file; }; category security { security_file; }; category config { config_file; }; category resolver { resolver_file; }; category xfer-out { xfer-out_file; }; category notify { notify_file; }; category client { client_file; }; category unmatched { unmatched_file; }; category queries { queries_file; }; category network { network_file; }; category update { update_file; }; category dispatch { dispatch_file; }; category dnssec { dnssec_file; }; category lame-servers { lame-servers_file; };
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – Used DNSTOP for automated Stats check from CLI – DNSTOP can be used in all the Linux variants. – In addition we have used generic utilities from the CLI to get the summary. # cat query.log | cut -d " " -f 10 | sort | uniq -c | sort -n 23506 www.google.com 26679 imgcdn.ptvcdn.net 28539 outlook.office.com 47835 dns.google 100117 time-c.timefreq.bldrdoc.gov 100533 time-b.timefreq.bldrdoc.gov 101298 time-a.timefreq.bldrdoc.gov # cat query.log | cut -d " " -f 10 | cut -d "." -f "2-3" | sort | uniq -c | sort -n 31836 office.com 36193 ms-acdc.office 39567 events.data 42475 google.com 47835 google 301948 timefreq.bldrdoc
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – With the CLI based check, we face few challenges as the log volume was increasing day by day. – time consuming – repetitive task for the same activity (scripting wasnt helping) Deployed Grafana eco-system to get all the Stats + logs and then visualized. Focused was to get all the insights on NXDOMAIN.
Looking beyond NXDOMAIN! – Observed overall pattern of NXDOMAIN across the DNS infra – Few zones crosses the threshold on a specific time in max of cases – Log shows C&C communication in a few cases, decided to dig deep for NXDOMAIN – Installed Suricata NIDS in the DNS Infra and start monitoring the activity
Including active Defense! – The outcome of the analysis, after incorporating Suricata, was enormous. – To overcome the issue, plan to deploy DNS RPZ
What Next? Network Traffic – NetFlow with NFSen Roaming around in NetFlow – Searched for IPs listening on 53 port to mitigate OpenResolver – Setup threshold on traffic on 53 port both for TCP & UDP – Looking for a specific region that uses the 53 port heavily. – Looking for IPs that are sending 40<= bytes of PKT.
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows 2022-08-20 11:57:20.410 7.040 UDP 10.160.252.254:55427 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:20.430 7.040 UDP 10.160.252.254:55429 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:51601 -> 192.168.0.254:99032 ...... 0 4 276 0 313 69 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:56961 -> 192.168.0.254:19032 ...... 0 4 276 0 313 69 1 2022-07-10 22:52:31.540 158.330 UDP 10.175.8.138:53 -> 192.168.0.254:19032 ...... 0 111 7509 0 379 67 1 2022-07-10 22:52:26.570 199.400 UDP 10.175.8.78:53 -> 192.168.0.254:20031 ...... 0 90 6123 0 245 68 1 2022-07-10 22:54:01.770 147.120 UDP 10.175.21.234:53 -> 192.168.0.254:60245 ...... 0 104 7526 0 409 72 1 2022-07-10 22:54:25.950 133.830 UDP 10.175.24.160:53 -> 192.168.0.254:8206 ...... 0 117 8018 0 479 68 1 2022-07-10 22:52:24.280 280.700 UDP 10.175.22.226:53 -> 192.168.0.254:94036 ...... 0 117 8836 0 251 75 1 2022-09-08 19:06:41.210 0.000 UDP 10.160.252.188:61902 -> 192.168.0.254:12023 ...... 0 1 45 0 0 45 1 2022-09-08 21:08:20.570 0.000 UDP 10.160.252.212:40960 -> 192.168.0.254:10046 ...... 0 1 45 0 0 45 1 2022-08-26 21:44:18.720 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:12067 ...... 72 1 28 0 0 28 1 2022-08-26 21:45:11.320 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:11057 ...... 72 1 40 0 0 40 1 2022-08-26 21:47:33.480 0.000 TCP 88.6.232.5:42671 -> 192.16.204.219:53 ....S. 40 1 40 0 0 40 1 2022-08-26 22:18:58.290 0.000 TCP 88.6.232.5:52561 -> 192.16.204.213:53 ....S. 40 1 40 0 0 40 1 2022-09-12 19:54:04.130 52.830 TCP 10.160.68.26:53 -> 192.168.0.254:55024 .AP... 0 319 349200 6 52879 1094 1 2022-09-12 20:04:27.090 1426.890 TCP 10.160.68.26:53 -> 192.168.0.254:10035 .AP... 0 245007 349.3 M 171 2.0 M 1425 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:62415 -> 192.168.0.254:10014 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:64165 -> 192.168.0.254:10053 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:63760 -> 192.168.0.254:10123 ...... 0 2 116 0 0 58 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:49521 -> 192.168.0.254:10135 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:61534 -> 192.168.0.254:10145 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50694 -> 192.168.0.254:10068 ...... 0 2 192 0 0 96 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50557 -> 192.168.0.254:10037 ...... 0 2 192 0 0 96 1 2022-09-01 00:38:35.710 5.000 UDP 10.160.252.205:21343 -> 192.168.0.254:100379 ...... 0 4 1256 0 2009 314 1 2022-09-01 00:38:40.660 5.010 UDP 10.160.252.205:2500 -> 192.168.0.254:10790 ...... 0 4 976 0 1558 244 1 2022-09-01 00:38:45.710 7.960 UDP 10.160.252.205:29718 -> 192.168.0.254:10357 ...... 0 4 1256 0 1262 314 1 2022-09-01 00:38:50.670 6.440 UDP 10.160.252.205:5733 -> 192.168.0.254:23032 ...... 0 4 960 0 1192 240 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:42531 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:49651 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:35340 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 What Next? Network Traffic – NetFlow with NFSen ***Manipulated sample data
What Next? Network Traffic – span traffic with Zeek Roaming around with Zeek – Using existing script to find DNS activity – Finding subdomains with random TLD and longer names. – Finding subdomains with upper/lower/numbers – DNS beaconing
What Next? – With high-end Threat freed, 85%-93% of Cyber attack can be stopped with DNS RPZ. – Adversaries are evolving their attack tactics. Incorporate ML/NLP to detect DGA in DNS Query log.
THANK YOU

Recomendados

An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP ServicesBangladesh Network Operators Group
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityBangladesh Network Operators Group
 
Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Araf Karsh Hamid
 
Radius vs. Tacacs+
Radius vs. Tacacs+Radius vs. Tacacs+
Radius vs. Tacacs+Netwax Lab
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotikTola LENG
 
CCIE Certificate
CCIE CertificateCCIE Certificate
CCIE Certificate??????? ????? ? ? (Ravindra Kumar M A)
 

Recomendados

An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP ServicesBangladesh Network Operators Group
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityBangladesh Network Operators Group
 
Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Blockchain Intro to Hyperledger Fabric
Blockchain Intro to Hyperledger Fabric Araf Karsh Hamid
 
Radius vs. Tacacs+
Radius vs. Tacacs+Radius vs. Tacacs+
Radius vs. Tacacs+Netwax Lab
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotikTola LENG
 
CCIE Certificate
CCIE CertificateCCIE Certificate
CCIE Certificate??????? ????? ? ? (Ravindra Kumar M A)
 
Paving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTPaving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTQualcomm Research
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filterAchmad Mardiansyah
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
Stable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdfStable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdfGLC Networks
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw tableAchmad Mardiansyah
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7GLC Networks
 
Enrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospfEnrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospfcyberleon95
 
Seamless mpls
Seamless mpls Seamless mpls
Seamless mpls Sherif Hussein
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
 
Digital signature
Digital signatureDigital signature
Digital signatureNisha Menon K
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNAAli Layth
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentationSasi Reddy
 
Mikrotik Hotspot
Mikrotik HotspotMikrotik Hotspot
Mikrotik HotspotGLC Networks
 
Policy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on MikrotikPolicy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on MikrotikGLC Networks
 
VLAN on mikrotik
VLAN on mikrotikVLAN on mikrotik
VLAN on mikrotikAchmad Mardiansyah
 
Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureA. S. M. Shamim Reza
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêterNetSecure Day
 

Más contenido relacionado

La actualidad más candente

Paving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTPaving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTQualcomm Research
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
Stable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdfStable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdfGLC Networks
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7GLC Networks
 
Enrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospfEnrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospfcyberleon95
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNAAli Layth
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentationSasi Reddy
 
Policy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on MikrotikPolicy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on MikrotikGLC Networks
 

La actualidad más candente (20)

Paving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTPaving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoT
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filter
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and Radius
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on Mikrotik
 
Stable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdfStable OSPF: choosing network type.pdf
Stable OSPF: choosing network type.pdf
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw table
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
 
Enrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospfEnrutamiento dinamico eigrp ospf
Enrutamiento dinamico eigrp ospf
 
Seamless mpls
Seamless mpls Seamless mpls
Seamless mpls
 
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMANMUM Melbourne : Build Enterprise Wireless with CAPsMAN
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
 
Digital signature
Digital signatureDigital signature
Digital signature
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)
 
Ixia presentation
Ixia presentationIxia presentation
Ixia presentation
 
Mikrotik Hotspot
Mikrotik HotspotMikrotik Hotspot
Mikrotik Hotspot
 
Policy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on MikrotikPolicy Based Routing (PBR) on Mikrotik
Policy Based Routing (PBR) on Mikrotik
 
VLAN on mikrotik
VLAN on mikrotikVLAN on mikrotik
VLAN on mikrotik
 

Similar a 12 Years in DNS Security As a Defender

Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureA. S. M. Shamim Reza
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêterNetSecure Day
 
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterLISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterIvan Babrou
 
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason JonesASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jonesarborjjones
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring SystemRofiq Fauzi
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるJUNICHI YOSHISE
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginEC-Council
 
Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateAPNIC
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715APNIC
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science HungWei Chiu
 
How Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointHow Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointDevOps.com
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSPavel Odintsov
 
Business Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksBusiness Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksTal Lavian Ph.D.
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationE.S.G. JR. Consulting, Inc.
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesJames Anderson
 
NPM10.5 Come See Whats New
NPM10.5 Come See Whats NewNPM10.5 Come See Whats New
NPM10.5 Come See Whats NewSolarWinds
 

Similar a 12 Years in DNS Security As a Defender (20)

Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructure
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter
 
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterLISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
 
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason JonesASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
 
Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An Update
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
 
How Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointHow Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with Catchpoint
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPS
 
Business Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksBusiness Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical Networks
 
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
 
NPM10.5 Come See Whats New
NPM10.5 Come See Whats NewNPM10.5 Come See Whats New
NPM10.5 Come See Whats New
 

Más de Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

Más de Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Route Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS ApproachRoute Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS Approach
 

Último

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Onlineanilsa9823
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Último (20)

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 

12 Years in DNS Security As a Defender

  • 1. 12 Years in DNS Security As a Defender A. S. M. Shamim Reza bdNOG 15 Dhaka 09-12 December, 2022
  • 2. [~]$whoami|– 12+ years worked at ISP – Chief Technology Officer, Pipeline Inc. – Community Trainer, APNIC @asmshamimreza on Linkedin @shamimrezasohag on Twitter
  • 3. What is DNS? DNS Domain Name System Inventor Dr. Paul Mockapetris Year 1983 RFC 882 & 883 Port 53 TCP/UDP Place University of Southern California’s Information Sciences Institute “I designed the DNS so that the name- space could be anything you wanted it to be.” – Dr. Paul Mockapetris
  • 5. Attacker likes DNS 91.3% of malware uses DNS in attacks 68% of Organization don't monitor DNS
  • 6. Cyber Attacks on DNS Attacks using DNS Server Reflection Attack DNS Tunneling DGA Command & Control Attacks that Target DNS Server DDoS Recursive Query Attacks Cache Poisoning Attacks Buffer overflow Port Scan
  • 7. Stat on 53 port – Bangladesh Listening IPs 64,576
  • 9. Observing DDoS Findings Mitigation Technique? Authoritative & Recursive service at the same system Separated them into different Hosts Service was running with Same OS and Bind service Migrated with BIND+CentOS & Unbound+FreeBSD Recursive resolver was Central Deployed IP Anycast for Recursive DNS in multiple region. Initial goal was to increase service availability
  • 10. Observing DDoS – additional steps – OS installation was practice with Minimal ISO. – Allowed only required service port. – Practiced IP ACL on remote access at Host based firewall. – Imposed IP ACL on DNS service configuration. – Disabled service version exposer. – Automatic update on OS Kernel, packages and patches. – BIND configured with CHROOT.
  • 11. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization Log File Category Definition: category default { default_file; }; category general { general_file; }; category database { database_file; }; category security { security_file; }; category config { config_file; }; category resolver { resolver_file; }; category xfer-out { xfer-out_file; }; category notify { notify_file; }; category client { client_file; }; category unmatched { unmatched_file; }; category queries { queries_file; }; category network { network_file; }; category update { update_file; }; category dispatch { dispatch_file; }; category dnssec { dnssec_file; }; category lame-servers { lame-servers_file; };
  • 12. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – Used DNSTOP for automated Stats check from CLI – DNSTOP can be used in all the Linux variants. – In addition we have used generic utilities from the CLI to get the summary. # cat query.log | cut -d " " -f 10 | sort | uniq -c | sort -n 23506 www.google.com 26679 imgcdn.ptvcdn.net 28539 outlook.office.com 47835 dns.google 100117 time-c.timefreq.bldrdoc.gov 100533 time-b.timefreq.bldrdoc.gov 101298 time-a.timefreq.bldrdoc.gov # cat query.log | cut -d " " -f 10 | cut -d "." -f "2-3" | sort | uniq -c | sort -n 31836 office.com 36193 ms-acdc.office 39567 events.data 42475 google.com 47835 google 301948 timefreq.bldrdoc
  • 13. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – With the CLI based check, we face few challenges as the log volume was increasing day by day. – time consuming – repetitive task for the same activity (scripting wasnt helping) Deployed Grafana eco-system to get all the Stats + logs and then visualized. Focused was to get all the insights on NXDOMAIN.
  • 14. Looking beyond NXDOMAIN! – Observed overall pattern of NXDOMAIN across the DNS infra – Few zones crosses the threshold on a specific time in max of cases – Log shows C&C communication in a few cases, decided to dig deep for NXDOMAIN – Installed Suricata NIDS in the DNS Infra and start monitoring the activity
  • 15. Including active Defense! – The outcome of the analysis, after incorporating Suricata, was enormous. – To overcome the issue, plan to deploy DNS RPZ
  • 16.
  • 17. What Next? Network Traffic – NetFlow with NFSen Roaming around in NetFlow – Searched for IPs listening on 53 port to mitigate OpenResolver – Setup threshold on traffic on 53 port both for TCP & UDP – Looking for a specific region that uses the 53 port heavily. – Looking for IPs that are sending 40<= bytes of PKT.
  • 18. Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows 2022-08-20 11:57:20.410 7.040 UDP 10.160.252.254:55427 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:20.430 7.040 UDP 10.160.252.254:55429 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:51601 -> 192.168.0.254:99032 ...... 0 4 276 0 313 69 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:56961 -> 192.168.0.254:19032 ...... 0 4 276 0 313 69 1 2022-07-10 22:52:31.540 158.330 UDP 10.175.8.138:53 -> 192.168.0.254:19032 ...... 0 111 7509 0 379 67 1 2022-07-10 22:52:26.570 199.400 UDP 10.175.8.78:53 -> 192.168.0.254:20031 ...... 0 90 6123 0 245 68 1 2022-07-10 22:54:01.770 147.120 UDP 10.175.21.234:53 -> 192.168.0.254:60245 ...... 0 104 7526 0 409 72 1 2022-07-10 22:54:25.950 133.830 UDP 10.175.24.160:53 -> 192.168.0.254:8206 ...... 0 117 8018 0 479 68 1 2022-07-10 22:52:24.280 280.700 UDP 10.175.22.226:53 -> 192.168.0.254:94036 ...... 0 117 8836 0 251 75 1 2022-09-08 19:06:41.210 0.000 UDP 10.160.252.188:61902 -> 192.168.0.254:12023 ...... 0 1 45 0 0 45 1 2022-09-08 21:08:20.570 0.000 UDP 10.160.252.212:40960 -> 192.168.0.254:10046 ...... 0 1 45 0 0 45 1 2022-08-26 21:44:18.720 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:12067 ...... 72 1 28 0 0 28 1 2022-08-26 21:45:11.320 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:11057 ...... 72 1 40 0 0 40 1 2022-08-26 21:47:33.480 0.000 TCP 88.6.232.5:42671 -> 192.16.204.219:53 ....S. 40 1 40 0 0 40 1 2022-08-26 22:18:58.290 0.000 TCP 88.6.232.5:52561 -> 192.16.204.213:53 ....S. 40 1 40 0 0 40 1 2022-09-12 19:54:04.130 52.830 TCP 10.160.68.26:53 -> 192.168.0.254:55024 .AP... 0 319 349200 6 52879 1094 1 2022-09-12 20:04:27.090 1426.890 TCP 10.160.68.26:53 -> 192.168.0.254:10035 .AP... 0 245007 349.3 M 171 2.0 M 1425 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:62415 -> 192.168.0.254:10014 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:64165 -> 192.168.0.254:10053 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:63760 -> 192.168.0.254:10123 ...... 0 2 116 0 0 58 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:49521 -> 192.168.0.254:10135 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:61534 -> 192.168.0.254:10145 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50694 -> 192.168.0.254:10068 ...... 0 2 192 0 0 96 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50557 -> 192.168.0.254:10037 ...... 0 2 192 0 0 96 1 2022-09-01 00:38:35.710 5.000 UDP 10.160.252.205:21343 -> 192.168.0.254:100379 ...... 0 4 1256 0 2009 314 1 2022-09-01 00:38:40.660 5.010 UDP 10.160.252.205:2500 -> 192.168.0.254:10790 ...... 0 4 976 0 1558 244 1 2022-09-01 00:38:45.710 7.960 UDP 10.160.252.205:29718 -> 192.168.0.254:10357 ...... 0 4 1256 0 1262 314 1 2022-09-01 00:38:50.670 6.440 UDP 10.160.252.205:5733 -> 192.168.0.254:23032 ...... 0 4 960 0 1192 240 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:42531 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:49651 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:35340 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 What Next? Network Traffic – NetFlow with NFSen ***Manipulated sample data
  • 19. What Next? Network Traffic – span traffic with Zeek Roaming around with Zeek – Using existing script to find DNS activity – Finding subdomains with random TLD and longer names. – Finding subdomains with upper/lower/numbers – DNS beaconing
  • 20. What Next? – With high-end Threat freed, 85%-93% of Cyber attack can be stopped with DNS RPZ. – Adversaries are evolving their attack tactics. Incorporate ML/NLP to detect DGA in DNS Query log.