May 10 – 11, 2014
Sofitel Warsaw Victoria
Europe/Warsaw timezone

Zeroing in on Zero Days

May 10, 2014, 3:30 PM
Opera (Sofitel Warsaw Victoria)


11 Królewska Street 00-065 Warsaw
Public Workshop


Bruce van Nice (Nominum)


The presentation will cover findings from a terabyte of anonymized DNS data collected every day from around the world. We'll present data and analysis techniques and discuss how we're automating the cycle of identifying and validating behaviors such as the ones described below, to zero in quickly on zero days and minimize their damage.

- Appearances of new "purpose built" domains registered exclusively for amplification attacks
- A new trend in which a small set of domains goes from zero (or very small) traffic to millions or tens of millions of queries per day over a couple of days, using millions of unique random subdomains

We'll also discuss DNS amplification attack activity at a macro and micro level.

Primary author

Paul O'Leary (Nominum)
