Oct 11 – 13, 2014
Hyatt Regency Century Plaza
US/Pacific timezone

Bumblebee Demonstration

Oct 11, 2014, 5:15 PM
Westside (Hyatt Regency Century Plaza)


Hyatt Regency Century Plaza

2025 Avenue of the Stars Los Angeles California 90067 USA


Roy Arends (Nominet)


This demonstration-based talk will cover various results of Nominet's analytics efforts over the last four years. The talk will discuss various incidents, misconfigurations, bugs, attacks and malware behaviour we have uncovered by visualizing and interacting with DNS data. I’ll go through a few stories: 1) The limitations we had using existing tools, and the requirements we had when building our analytics tool. 2) How we found CVE-2011-2464 (BIND bug) by understanding how a secondary nameserver should behave, and subsequently looking for abnormalities. 3) How we spot suspicious behaviour and subsequently track a botnet. 4) How we spot abnormal behaviour and subsequently track crypto locker. 5) How two bugs in different implementations amplify eachother. A story about Google and BIND. 6) The effect of RRL during an attack. 7) How OpenDNS improved on their shutter time. 8) The importance of interaction _and_ visualisation (and as a natural consequence, timeliness).

Presentation materials

There are no materials yet.