SlideShare ist ein Scribd-Unternehmen logo

12 Years in DNS Security As a Defender

Bangladesh Network Operators Group
Bangladesh Network Operators Group

12 Years in DNS Security As a Defender

Internet
1 von 21
Downloaden Sie, um offline zu lesen
12 Years in DNS Security As a Defender A. S. M. Shamim Reza bdNOG 15 Dhaka 09-12 December, 2022
[~]$whoami|– 12+ years worked at ISP – Chief Technology Officer, Pipeline Inc. – Community Trainer, APNIC @asmshamimreza on Linkedin @shamimrezasohag on Twitter
What is DNS? DNS Domain Name System Inventor Dr. Paul Mockapetris Year 1983 RFC 882 & 883 Port 53 TCP/UDP Place University of Southern California’s Information Sciences Institute “I designed the DNS so that the name- space could be anything you wanted it to be.” – Dr. Paul Mockapetris
How DNS Query Works?
Attacker likes DNS 91.3% of malware uses DNS in attacks 68% of Organization don't monitor DNS
Cyber Attacks on DNS Attacks using DNS Server Reflection Attack DNS Tunneling DGA Command & Control Attacks that Target DNS Server DDoS Recursive Query Attacks Cache Poisoning Attacks Buffer overflow Port Scan
Stat on 53 port – Bangladesh Listening IPs 64,576
Lets talk about the Journey
Observing DDoS Findings Mitigation Technique? Authoritative & Recursive service at the same system Separated them into different Hosts Service was running with Same OS and Bind service Migrated with BIND+CentOS & Unbound+FreeBSD Recursive resolver was Central Deployed IP Anycast for Recursive DNS in multiple region. Initial goal was to increase service availability
Observing DDoS – additional steps – OS installation was practice with Minimal ISO. – Allowed only required service port. – Practiced IP ACL on remote access at Host based firewall. – Imposed IP ACL on DNS service configuration. – Disabled service version exposer. – Automatic update on OS Kernel, packages and patches. – BIND configured with CHROOT.
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization Log File Category Definition: category default { default_file; }; category general { general_file; }; category database { database_file; }; category security { security_file; }; category config { config_file; }; category resolver { resolver_file; }; category xfer-out { xfer-out_file; }; category notify { notify_file; }; category client { client_file; }; category unmatched { unmatched_file; }; category queries { queries_file; }; category network { network_file; }; category update { update_file; }; category dispatch { dispatch_file; }; category dnssec { dnssec_file; }; category lame-servers { lame-servers_file; };
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – Used DNSTOP for automated Stats check from CLI – DNSTOP can be used in all the Linux variants. – In addition we have used generic utilities from the CLI to get the summary. # cat query.log | cut -d " " -f 10 | sort | uniq -c | sort -n 23506 www.google.com 26679 imgcdn.ptvcdn.net 28539 outlook.office.com 47835 dns.google 100117 time-c.timefreq.bldrdoc.gov 100533 time-b.timefreq.bldrdoc.gov 101298 time-a.timefreq.bldrdoc.gov # cat query.log | cut -d " " -f 10 | cut -d "." -f "2-3" | sort | uniq -c | sort -n 31836 office.com 36193 ms-acdc.office 39567 events.data 42475 google.com 47835 google 301948 timefreq.bldrdoc
Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – With the CLI based check, we face few challenges as the log volume was increasing day by day. – time consuming – repetitive task for the same activity (scripting wasnt helping) Deployed Grafana eco-system to get all the Stats + logs and then visualized. Focused was to get all the insights on NXDOMAIN.
Looking beyond NXDOMAIN! – Observed overall pattern of NXDOMAIN across the DNS infra – Few zones crosses the threshold on a specific time in max of cases – Log shows C&C communication in a few cases, decided to dig deep for NXDOMAIN – Installed Suricata NIDS in the DNS Infra and start monitoring the activity
Including active Defense! – The outcome of the analysis, after incorporating Suricata, was enormous. – To overcome the issue, plan to deploy DNS RPZ
What Next? Network Traffic – NetFlow with NFSen Roaming around in NetFlow – Searched for IPs listening on 53 port to mitigate OpenResolver – Setup threshold on traffic on 53 port both for TCP & UDP – Looking for a specific region that uses the 53 port heavily. – Looking for IPs that are sending 40<= bytes of PKT.
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows 2022-08-20 11:57:20.410 7.040 UDP 10.160.252.254:55427 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:20.430 7.040 UDP 10.160.252.254:55429 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:51601 -> 192.168.0.254:99032 ...... 0 4 276 0 313 69 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:56961 -> 192.168.0.254:19032 ...... 0 4 276 0 313 69 1 2022-07-10 22:52:31.540 158.330 UDP 10.175.8.138:53 -> 192.168.0.254:19032 ...... 0 111 7509 0 379 67 1 2022-07-10 22:52:26.570 199.400 UDP 10.175.8.78:53 -> 192.168.0.254:20031 ...... 0 90 6123 0 245 68 1 2022-07-10 22:54:01.770 147.120 UDP 10.175.21.234:53 -> 192.168.0.254:60245 ...... 0 104 7526 0 409 72 1 2022-07-10 22:54:25.950 133.830 UDP 10.175.24.160:53 -> 192.168.0.254:8206 ...... 0 117 8018 0 479 68 1 2022-07-10 22:52:24.280 280.700 UDP 10.175.22.226:53 -> 192.168.0.254:94036 ...... 0 117 8836 0 251 75 1 2022-09-08 19:06:41.210 0.000 UDP 10.160.252.188:61902 -> 192.168.0.254:12023 ...... 0 1 45 0 0 45 1 2022-09-08 21:08:20.570 0.000 UDP 10.160.252.212:40960 -> 192.168.0.254:10046 ...... 0 1 45 0 0 45 1 2022-08-26 21:44:18.720 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:12067 ...... 72 1 28 0 0 28 1 2022-08-26 21:45:11.320 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:11057 ...... 72 1 40 0 0 40 1 2022-08-26 21:47:33.480 0.000 TCP 88.6.232.5:42671 -> 192.16.204.219:53 ....S. 40 1 40 0 0 40 1 2022-08-26 22:18:58.290 0.000 TCP 88.6.232.5:52561 -> 192.16.204.213:53 ....S. 40 1 40 0 0 40 1 2022-09-12 19:54:04.130 52.830 TCP 10.160.68.26:53 -> 192.168.0.254:55024 .AP... 0 319 349200 6 52879 1094 1 2022-09-12 20:04:27.090 1426.890 TCP 10.160.68.26:53 -> 192.168.0.254:10035 .AP... 0 245007 349.3 M 171 2.0 M 1425 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:62415 -> 192.168.0.254:10014 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:64165 -> 192.168.0.254:10053 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:63760 -> 192.168.0.254:10123 ...... 0 2 116 0 0 58 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:49521 -> 192.168.0.254:10135 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:61534 -> 192.168.0.254:10145 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50694 -> 192.168.0.254:10068 ...... 0 2 192 0 0 96 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50557 -> 192.168.0.254:10037 ...... 0 2 192 0 0 96 1 2022-09-01 00:38:35.710 5.000 UDP 10.160.252.205:21343 -> 192.168.0.254:100379 ...... 0 4 1256 0 2009 314 1 2022-09-01 00:38:40.660 5.010 UDP 10.160.252.205:2500 -> 192.168.0.254:10790 ...... 0 4 976 0 1558 244 1 2022-09-01 00:38:45.710 7.960 UDP 10.160.252.205:29718 -> 192.168.0.254:10357 ...... 0 4 1256 0 1262 314 1 2022-09-01 00:38:50.670 6.440 UDP 10.160.252.205:5733 -> 192.168.0.254:23032 ...... 0 4 960 0 1192 240 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:42531 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:49651 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:35340 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 What Next? Network Traffic – NetFlow with NFSen ***Manipulated sample data
What Next? Network Traffic – span traffic with Zeek Roaming around with Zeek – Using existing script to find DNS activity – Finding subdomains with random TLD and longer names. – Finding subdomains with upper/lower/numbers – DNS beaconing
What Next? – With high-end Threat freed, 85%-93% of Cyber attack can be stopped with DNS RPZ. – Adversaries are evolving their attack tactics. Incorporate ML/NLP to detect DGA in DNS Query log.
THANK YOU

Empfohlen

An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP ServicesBangladesh Network Operators Group
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityMarketingArrowECS_CZ
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityAhmed Habib
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
 

Empfohlen

An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP ServicesBangladesh Network Operators Group
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityMarketingArrowECS_CZ
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityAhmed Habib
 
MITRE ATT&CK framework
MITRE ATT&CK frameworkMITRE ATT&CK framework
MITRE ATT&CK frameworkBhushan Gurav
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainSuwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced trainingJignesh H. Bhalsod
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik SecurityRofiq Fauzi
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangleAchmad Mardiansyah
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRBangladesh Network Operators Group
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain AttacksLionel Faleiro
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Siber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 SorularıSiber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 SorularıBGA Cyber Security
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
BGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP PeeringBGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP PeeringGLC Networks
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Ch 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts ReviewCh 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts ReviewSam Bowne
 
Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureA. S. M. Shamim Reza
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêterNetSecure Day
 

Weitere ähnliche Inhalte

Was ist angesagt?

CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik SecurityRofiq Fauzi
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security Tripwire
 
Siber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 SorularıSiber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 SorularıBGA Cyber Security
 
Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
BGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP PeeringBGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP PeeringGLC Networks
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Ch 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts ReviewCh 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts ReviewSam Bowne
 

Was ist angesagt? (20)

CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptx
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangle
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Siber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 SorularıSiber Güvenlik Yaz Kampı'17 Soruları
Siber Güvenlik Yaz Kampı'17 Soruları
 
Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
BGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP PeeringBGP Services IP Transit vs IP Peering
BGP Services IP Transit vs IP Peering
 
Network security
Network security Network security
Network security
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Ch 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts ReviewCh 2: TCP/IP Concepts Review
Ch 2: TCP/IP Concepts Review
 

Ähnlich wie 12 Years in DNS Security As a Defender

Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureA. S. M. Shamim Reza
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêterNetSecure Day
 
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterLISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterIvan Babrou
 
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason JonesASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jonesarborjjones
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring SystemRofiq Fauzi
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるJUNICHI YOSHISE
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginEC-Council
 
Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateAPNIC
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715APNIC
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science HungWei Chiu
 
How Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointHow Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointDevOps.com
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSPavel Odintsov
 
Business Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksBusiness Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksTal Lavian Ph.D.
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationE.S.G. JR. Consulting, Inc.
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesJames Anderson
 
NPM10.5 Come See Whats New
NPM10.5 Come See Whats NewNPM10.5 Come See Whats New
NPM10.5 Come See Whats NewSolarWinds
 

Ähnlich wie 12 Years in DNS Security As a Defender (20)

Can artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructureCan artificial intelligence secure your infrastructure
Can artificial intelligence secure your infrastructure
 
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter
 
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF ExporterLISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
LISA18: Hidden Linux Metrics with Prometheus eBPF Exporter
 
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason JonesASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul CogginTakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
TakeDownCon Rocket City: Bending and Twisting Networks by Paul Coggin
 
Forensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An UpdateForensic Tracing in the Internet: An Update
Forensic Tracing in the Internet: An Update
 
2017 03-01-forensics 1488330715
2017 03-01-forensics 14883307152017 03-01-forensics 1488330715
2017 03-01-forensics 1488330715
 
How Networking works with Data Science
How Networking works with Data Science How Networking works with Data Science
How Networking works with Data Science
 
How Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with CatchpointHow Autodesk Delivers Seamless Customer Experience with Catchpoint
How Autodesk Delivers Seamless Customer Experience with Catchpoint
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPS
 
Business Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical NetworksBusiness Model Concepts for Dynamically Provisioned Optical Networks
Business Model Concepts for Dynamically Provisioned Optical Networks
 
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud BoundariesGDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
 
NPM10.5 Come See Whats New
NPM10.5 Come See Whats NewNPM10.5 Come See Whats New
NPM10.5 Come See Whats New
 

Mehr von Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

Mehr von Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 
Measuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 

Kürzlich hochgeladen

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 

Kürzlich hochgeladen (20)

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 

12 Years in DNS Security As a Defender

  • 1. 12 Years in DNS Security As a Defender A. S. M. Shamim Reza bdNOG 15 Dhaka 09-12 December, 2022
  • 2. [~]$whoami|– 12+ years worked at ISP – Chief Technology Officer, Pipeline Inc. – Community Trainer, APNIC @asmshamimreza on Linkedin @shamimrezasohag on Twitter
  • 3. What is DNS? DNS Domain Name System Inventor Dr. Paul Mockapetris Year 1983 RFC 882 & 883 Port 53 TCP/UDP Place University of Southern California’s Information Sciences Institute “I designed the DNS so that the name- space could be anything you wanted it to be.” – Dr. Paul Mockapetris
  • 5. Attacker likes DNS 91.3% of malware uses DNS in attacks 68% of Organization don't monitor DNS
  • 6. Cyber Attacks on DNS Attacks using DNS Server Reflection Attack DNS Tunneling DGA Command & Control Attacks that Target DNS Server DDoS Recursive Query Attacks Cache Poisoning Attacks Buffer overflow Port Scan
  • 7. Stat on 53 port – Bangladesh Listening IPs 64,576
  • 9. Observing DDoS Findings Mitigation Technique? Authoritative & Recursive service at the same system Separated them into different Hosts Service was running with Same OS and Bind service Migrated with BIND+CentOS & Unbound+FreeBSD Recursive resolver was Central Deployed IP Anycast for Recursive DNS in multiple region. Initial goal was to increase service availability
  • 10. Observing DDoS – additional steps – OS installation was practice with Minimal ISO. – Allowed only required service port. – Practiced IP ACL on remote access at Host based firewall. – Imposed IP ACL on DNS service configuration. – Disabled service version exposer. – Automatic update on OS Kernel, packages and patches. – BIND configured with CHROOT.
  • 11. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization Log File Category Definition: category default { default_file; }; category general { general_file; }; category database { database_file; }; category security { security_file; }; category config { config_file; }; category resolver { resolver_file; }; category xfer-out { xfer-out_file; }; category notify { notify_file; }; category client { client_file; }; category unmatched { unmatched_file; }; category queries { queries_file; }; category network { network_file; }; category update { update_file; }; category dispatch { dispatch_file; }; category dnssec { dnssec_file; }; category lame-servers { lame-servers_file; };
  • 12. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – Used DNSTOP for automated Stats check from CLI – DNSTOP can be used in all the Linux variants. – In addition we have used generic utilities from the CLI to get the summary. # cat query.log | cut -d " " -f 10 | sort | uniq -c | sort -n 23506 www.google.com 26679 imgcdn.ptvcdn.net 28539 outlook.office.com 47835 dns.google 100117 time-c.timefreq.bldrdoc.gov 100533 time-b.timefreq.bldrdoc.gov 101298 time-a.timefreq.bldrdoc.gov # cat query.log | cut -d " " -f 10 | cut -d "." -f "2-3" | sort | uniq -c | sort -n 31836 office.com 36193 ms-acdc.office 39567 events.data 42475 google.com 47835 google 301948 timefreq.bldrdoc
  • 13. Looking for other Attacks? increase insights – Started log storing – CLI based analytic – BIND Stats visualization – With the CLI based check, we face few challenges as the log volume was increasing day by day. – time consuming – repetitive task for the same activity (scripting wasnt helping) Deployed Grafana eco-system to get all the Stats + logs and then visualized. Focused was to get all the insights on NXDOMAIN.
  • 14. Looking beyond NXDOMAIN! – Observed overall pattern of NXDOMAIN across the DNS infra – Few zones crosses the threshold on a specific time in max of cases – Log shows C&C communication in a few cases, decided to dig deep for NXDOMAIN – Installed Suricata NIDS in the DNS Infra and start monitoring the activity
  • 15. Including active Defense! – The outcome of the analysis, after incorporating Suricata, was enormous. – To overcome the issue, plan to deploy DNS RPZ
  • 16.
  • 17. What Next? Network Traffic – NetFlow with NFSen Roaming around in NetFlow – Searched for IPs listening on 53 port to mitigate OpenResolver – Setup threshold on traffic on 53 port both for TCP & UDP – Looking for a specific region that uses the 53 port heavily. – Looking for IPs that are sending 40<= bytes of PKT.
  • 18. Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows 2022-08-20 11:57:20.410 7.040 UDP 10.160.252.254:55427 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:20.430 7.040 UDP 10.160.252.254:55429 -> 192.168.0.254:10032 ...... 0 4 280 0 318 70 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:51601 -> 192.168.0.254:99032 ...... 0 4 276 0 313 69 1 2022-08-20 11:57:21.500 7.050 UDP 10.160.252.254:56961 -> 192.168.0.254:19032 ...... 0 4 276 0 313 69 1 2022-07-10 22:52:31.540 158.330 UDP 10.175.8.138:53 -> 192.168.0.254:19032 ...... 0 111 7509 0 379 67 1 2022-07-10 22:52:26.570 199.400 UDP 10.175.8.78:53 -> 192.168.0.254:20031 ...... 0 90 6123 0 245 68 1 2022-07-10 22:54:01.770 147.120 UDP 10.175.21.234:53 -> 192.168.0.254:60245 ...... 0 104 7526 0 409 72 1 2022-07-10 22:54:25.950 133.830 UDP 10.175.24.160:53 -> 192.168.0.254:8206 ...... 0 117 8018 0 479 68 1 2022-07-10 22:52:24.280 280.700 UDP 10.175.22.226:53 -> 192.168.0.254:94036 ...... 0 117 8836 0 251 75 1 2022-09-08 19:06:41.210 0.000 UDP 10.160.252.188:61902 -> 192.168.0.254:12023 ...... 0 1 45 0 0 45 1 2022-09-08 21:08:20.570 0.000 UDP 10.160.252.212:40960 -> 192.168.0.254:10046 ...... 0 1 45 0 0 45 1 2022-08-26 21:44:18.720 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:12067 ...... 72 1 28 0 0 28 1 2022-08-26 21:45:11.320 0.000 UDP 142.93.132.42:55433 -> 192.16.204.217:11057 ...... 72 1 40 0 0 40 1 2022-08-26 21:47:33.480 0.000 TCP 88.6.232.5:42671 -> 192.16.204.219:53 ....S. 40 1 40 0 0 40 1 2022-08-26 22:18:58.290 0.000 TCP 88.6.232.5:52561 -> 192.16.204.213:53 ....S. 40 1 40 0 0 40 1 2022-09-12 19:54:04.130 52.830 TCP 10.160.68.26:53 -> 192.168.0.254:55024 .AP... 0 319 349200 6 52879 1094 1 2022-09-12 20:04:27.090 1426.890 TCP 10.160.68.26:53 -> 192.168.0.254:10035 .AP... 0 245007 349.3 M 171 2.0 M 1425 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:62415 -> 192.168.0.254:10014 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.650 0.000 UDP 10.160.252.254:64165 -> 192.168.0.254:10053 ...... 0 2 202 0 0 101 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:63760 -> 192.168.0.254:10123 ...... 0 2 116 0 0 58 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:49521 -> 192.168.0.254:10135 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.660 0.000 UDP 10.160.252.254:61534 -> 192.168.0.254:10145 ...... 0 2 198 0 0 99 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50694 -> 192.168.0.254:10068 ...... 0 2 192 0 0 96 1 2022-08-20 12:07:59.670 0.000 UDP 10.160.252.254:50557 -> 192.168.0.254:10037 ...... 0 2 192 0 0 96 1 2022-09-01 00:38:35.710 5.000 UDP 10.160.252.205:21343 -> 192.168.0.254:100379 ...... 0 4 1256 0 2009 314 1 2022-09-01 00:38:40.660 5.010 UDP 10.160.252.205:2500 -> 192.168.0.254:10790 ...... 0 4 976 0 1558 244 1 2022-09-01 00:38:45.710 7.960 UDP 10.160.252.205:29718 -> 192.168.0.254:10357 ...... 0 4 1256 0 1262 314 1 2022-09-01 00:38:50.670 6.440 UDP 10.160.252.205:5733 -> 192.168.0.254:23032 ...... 0 4 960 0 1192 240 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:42531 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:49651 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 2022-10-02 00:09:22.800 0.000 UDP 10.111.186.85:35340 -> 192.168.0.254:53 ...... 192 1 160 0 0 160 1 What Next? Network Traffic – NetFlow with NFSen ***Manipulated sample data
  • 19. What Next? Network Traffic – span traffic with Zeek Roaming around with Zeek – Using existing script to find DNS activity – Finding subdomains with random TLD and longer names. – Finding subdomains with upper/lower/numbers – DNS beaconing
  • 20. What Next? – With high-end Threat freed, 85%-93% of Cyber attack can be stopped with DNS RPZ. – Adversaries are evolving their attack tactics. Incorporate ML/NLP to detect DGA in DNS Query log.