Universidade Lusófona de Humanidades e Tecnologias
           Instituto de Telecomunicações
           Universidade da Beira Interior


      Algorithms for extraction and visualization of
      meta-data from Domain Name Server records

                             Arley Leal Silveira
                              Nuno M. Garcia

                arleybls@gmail.com, ngarcia@professores.ulusofona.pt
       == MESH 2010, 20th July 2010, Mestre / Venice, Italy ==




      Agenda

            Introduction / Motivation

            Algorithms

            Results

            Conclusions






      Introduction

            The Domain Name System is a distributed,
            hierarchical network service / infrastructure
            that contains the relations between the names
            and the IP addresses of machines that deliver
            services over an IP network.

            Typically a large organization deploys its own
            DNS server(s).

            Managing the information in these servers can
            be ... troublesome.




      Introduction / Motivation

            “ If you know the enemy and know yourself, you
            need not fear the result of a hundred battles. If
            you know yourself but not the enemy, for every
            victory gained you will also suffer a defeat. If
            you know neither the enemy nor yourself, you
            will succumb in every battle.”
            Sun Tzu, the Art of War






      Algorithms

            There are a number of tools which already
            do this (DioNiSio, dnsmap, dnsenum, ...)

            We combined all the goodies from other tools,
            and added typing errors (several flavours)
            and transposition.








      Algorithms

            We can query the DNS database, to look for
            responses for URL names.

            We can use a number of strategies:

                TLD rotation

                brute force

                dictionary attack

                typing errors
            These can be used conjointly, and deployed across threads.






      Algorithms

            TLD rotation

                uses the TLD definition from IANA

                looks for domains that match the one we
                want except for the TLD suffix, including
                second-level TLD domains.







      Algorithms

            Brute force

                generates random words from a set of
                characters and numbers, up to a defined
                length

                looks for sub-domains of the domain we
                want.






      Algorithms

            Dictionary attack

                uses words from a list (dictionary)

                looks for sub-domains of the domain we
                want.







      Algorithms

            Typing errors

                uses three different approaches

                    transposition (using the key close to the one you
                    wanted to type)

                    double typing (doublee typingg)

                    omission (omssion)

                looks for domains that are similar to the domain
                we want.
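
The three typing-error approaches above, written out as an added example (not txdns source code) and used the way a domain owner would: to check whether a label seen in resolver logs is a one-keystroke lookalike of a protected name. The US QWERTY neighbour table, the names typo_variants and is_typo_of, and the sample labels are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 63      /* longest DNS label, in octets */
#define MAX_VARIANTS 512

typedef char label_t[LABEL_MAX + 1];

/* Assumed US QWERTY neighbours for 'a'..'z' (table constructed for this example). */
static const char *ADJ[26] = {
    "qwsz", "vghn", "xdfv", "serfcx", "wsdr", "drtgvc", "ftyhbv", "gyujnb",
    "ujko", "huikmn", "jiolm", "kop", "njk", "bhjm", "iklp", "ol",
    "wa", "edft", "awedxz", "rfgy", "yhji", "cfgb", "qase", "zsdc",
    "tghu", "asx"
};

/* Append v to out[] unless it is already present or the table is full. */
static int add_unique(label_t out[], int n, const char *v) {
    for (int i = 0; i < n; i++)
        if (strcmp(out[i], v) == 0) return n;
    if (n < MAX_VARIANTS) strcpy(out[n++], v);
    return n;
}

/* Fill out[] with the typing-error variants of one DNS label; returns the count. */
int typo_variants(const char *label, label_t out[]) {
    size_t len = strlen(label);
    char tmp[LABEL_MAX + 2];
    int n = 0;
    if (len < 2 || len > LABEL_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        /* omission: drop character i */
        memcpy(tmp, label, i);
        strcpy(tmp + i, label + i + 1);
        n = add_unique(out, n, tmp);
        /* double typing: repeat character i, unless the label would exceed 63 */
        if (len < LABEL_MAX) {
            memcpy(tmp, label, i + 1);
            strcpy(tmp + i + 1, label + i);
            n = add_unique(out, n, tmp);
        }
        /* "transposition" as the slide defines it: a key next to the intended one */
        if (label[i] >= 'a' && label[i] <= 'z') {
            strcpy(tmp, label);
            for (const char *k = ADJ[label[i] - 'a']; *k; k++) {
                tmp[i] = *k;
                n = add_unique(out, n, tmp);
            }
        }
    }
    return n;
}

/* 1 if observed is a typing-error variant of protected_label, else 0. */
int is_typo_of(const char *observed, const char *protected_label) {
    label_t v[MAX_VARIANTS];
    int n = typo_variants(protected_label, v);
    for (int i = 0; i < n; i++)
        if (strcmp(v[i], observed) == 0) return 1;
    return 0;
}

int main(void) {
    /* Constructed sample: second-level labels as they might appear in resolver logs. */
    const char *seen[] = {"example", "exmple", "examplee", "wxample", "sample"};
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        if (is_typo_of(seen[i], "example"))
            printf("lookalike of example: %s\n", seen[i]);
    return 0;
}
```

Labels with repeated letters produce the same variant more than once (omitting either "a" of "aa" gives "a"), which is why the generator de-duplicates before counting.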





      Integration with a visualization tool

            txdns is usable with Maltego from Paterva

                to achieve this, the standard output of the tool
                was redirected to an XML stream formatted
                according to the rules of Maltego;

                you also need to create a resource, and add a
                DNS context to the Maltego workspace;

                Maltego allows for an intuitive visualization of
                the data, and to query again a previously
                obtained result.


                                   Conclusions

      txdns implements several strategies and algorithms to query the
      DNS infrastructure;
      it is deployable using threads, and it was built in C, so it is
      portable;
      it may be integrated with visualization tools such as Paterva’s
      Maltego;
      both the executable file and the source code are available online at
      http://netlab.ulusofona.pt/id




      Thank you. Questions?

