10–11 May 2014
Sofitel Warsaw Victoria
Europe/Warsaw timezone

Zeroing in on Zero Days

10 May 2014, 15:30
30m
Opera (Sofitel Warsaw Victoria)

Opera

Sofitel Warsaw Victoria

11 Królewska Street 00-065 Warsaw
Public Workshop

Speaker

Bruce van Nice (Nominum)

Description

The presentation will cover findings from a Terabyte of anonymized DNS data collected every day from around the world. We’ll present data and analysis techniques and discuss how we’re automating the cycle of identifying and validating behaviors such as the ones described below to zero in quickly on zero days and minimize their damage. - Appearances of new “purpose built” domains registered exclusively for amplification attacks - A new trend of a small set of domains that go from zero (or very small) traffic and then spike to millions or 10s of millions of queries per day over a couple of days, using millions of unique random subdomains. We'll also discuss DNS amplification attack activity at a macro and micro level.

Primary author

Paul O' Leary (Nominum)

Presentation materials