OARC 35 (Online)

Name: OARC 35 (Online)
Start: 2021-05-06T00:45:00+00:00
End: 2021-05-07T09:05:00+00:00
Location: No location set

6–7 May 2021

UTC timezone

OARC 35 Day 1 - begins 01:00 UTC Today 6 May.

DONATE
Overview
Schedule
Speakers & Presentations
Sponsors
Attendee List
Registration
Surveys
Twitter: #OARC35
Mattermost: Workshops on chat.dns-oarc.net
About DNS-OARC

OARC 35 Admin

admin@dns-oarc.net
meeting@dns-oarc.net

Botnet Traffic Observed at Various Levels of the DNS Hierarchy

7 May 2021, 01:00

25m

Standard Presentation Online Workshop OARC 35 Day 2

Duane Wessels (Verisign)

This presentation explores DNS traffic patterns for a garrulous botnet observed at the root, authoritative TLD name servers, and delegated name servers. We will present measurements of DNS query volume observed at each of these layers while conducting various experiments on the sinkholed domains including variations of TTL, response codes, response sizes, and more. Our results highlight some operational insights into recursive resolver behaviors and the implications of managing / addressing botnet traffic.

Duane Wessels (Verisign) Matthew Thomas (Verisign)

verisign-sinkhole.pdf

OARC 35 (Online)

OARC 35 Admin

Botnet Traffic Observed at Various Levels of the DNS Hierarchy

Speaker

Description

Primary authors

Presentation materials

Choose timezone

OARC 35 (Online)

OARC 35 Admin

Speaker

Description

Primary authors

Presentation materials