Dr
Maciej Korczynski
(Delft University of Technology)
5/15/17, 2:15 PM
Public Workshop
Standard Presentation
Domain names are a critical resource for legitimate users, but also for criminals. This has led to a variety of attacks on the underlying technology, the Domain Name System (DNS) infrastructure. Registrars have been hacked, attackers have set up malicious domain name resolution services and DNS caches have been poisoned. What most attacks share in common is that they compromise the resolution...
Dr
Giovane Moura
(SIDN Labs)
5/15/17, 2:45 PM
Public Workshop
Standard Presentation
Please see paper at [1], and blogpost at [2].
But in short, this is a concise survey paper on the forms of DNS abuse and their relation with TLD operators. We show how we can use the datasets we have in hand to detect these sorts of abuse, and how each of them has a different business model that leaves distinct traces on our datasets.
IMHO, I think other TLD operators may benefit from that....
Mr
Jaeson Schultz
(Cisco Systems)
5/15/17, 3:00 PM
Public Workshop
Standard Presentation
1. **Data exfiltration using the DNS**
A. Multigrain malware, and other examples of the use of DNS for data exfiltration
1. Detecting subdomain-type data exfiltration through statistical analysis of subdomain lengths
B. Use of DNS 0x20 / XQID / IDN as a covert channel
1. Cisco Talos stats on malware’s use of mixed-case, XQID, and other queries
C....
Dr
Sara Dickinson
(Sinodun IT)
5/15/17, 3:30 PM
Public Workshop
Standard Presentation
The DPRIVE Working Group has recently produced several standards relating to DNS-over-TLS as a method for encrypting stub-to-recursive communications. Whilst there are several implementations available, deployment is still in the early stages.
Several experimental DNS-over-TLS servers have been running since 2016 and the dnsprivacy.net project is aiming to
- Increase DNS-over-TLS...
Mr
Willem Toorop
(NLnet Labs)
5/15/17, 3:45 PM
Public Workshop
Standard Presentation
Many transactions that need to be trustworthy, and possibly encrypted, start with a DNS query. If we consider security from the ground up, we need to include end users' DNS transactions with resolvers in the security realm. The minimal step is DNSSEC where the received data can be verified and validated to be correct and authentic. But if we want to take security and privacy a step further,...