11-13 October 2014
Hyatt Regency Century Plaza
US/Pacific timezone
Home > Timetable > Session details > Contribution details


Hyatt Regency Century Plaza - Westside

Bumblebee Demonstration


  • Roy ARENDS

Abstract content

This demonstration-based talk will cover various results of Nominet's analytics efforts over the last four years.

The talk will discuss various incidents, misconfigurations, bugs, attacks and malware behaviour we have uncovered by visualizing and interacting with DNS data. I’ll go through a few stories:

1) The limitations we had using existing tools, and the requirements we had when building our analytics tool. 2) How we found CVE-2011-2464 (BIND bug) by understanding how a secondary nameserver should behave, and subsequently looking for abnormalities. 3) How we spot suspicious behaviour and subsequently track a botnet. 4) How we spot abnormal behaviour and subsequently track crypto locker. 5) How two bugs in different implementations amplify eachother. A story about Google and BIND. 6) The effect of RRL during an attack. 7) How OpenDNS improved on their shutter time. 8) The importance of interaction and visualisation (and as a natural consequence, timeliness).