Oct 5 – 6, 2013
Wild Horse Pass Resort
America/Phoenix timezone

Needles in a Quadrillion-Straw Haystack

Oct 6, 2013, 2:20 PM
Komatke E/F (Wild Horse Pass Resort)

Komatke E/F

Wild Horse Pass Resort

www.wildhorsepassresort.com 5594 W. Wild Horse Pass Boulevard Chandler, Arizona 85226 USA


Sam Bretheim (Nominum)


We describe the construction of Nominum's system for large-scale analysis of DNS security data, some of the challenges involved in building that system, and some interesting things that we've found in the data. Particular points of interest include malware command-and-control detection and classification, detection of vulnerabilities and bugs in widespread DNS implementations, and a mysterious global pattern of unusual machine-generated queries.

Primary author

Sam Bretheim (Nominum)

Presentation materials