While lame delegation may be a warning in the DNS operators' world, we discovered this past summer that it is a goldmine in the cybercrime operators' world. At many DNS service providers, a malicious actor can claim the forgotten domain, leaving a smaller fingerprint than a traditional dangling CNAME hijack. If there were concerns in the DNS community about this hijacking vector, they weren't heard over...
A brief presentation on detecting and classifying DGA domains identified in real-world traffic using Passive DNS and Deep Learning.
We present the principles of DGA and Botnets, the fundamentals of Passive DNS and the tool used, and the Monitoring Panel that uses Deep Learning models integrated with Passive DNS to identify and classify these malicious domains in the São Paulo State University...
Malicious actors exploit the DNS namespace to carry out spam campaigns, phishing attacks, malware distribution, and other harmful activities. Combating these threats demands visibility into domain existence, ownership, and nameservice activity—insights that the DNS protocol itself does not inherently provide.
In this talk, I aim to brainstorm with the operational community about the...
I would like to submit a presentation for the DNS-OARC workshops demonstrating the detection, analysis, and measurement of DNS Tunneling techniques.
Pink-Lemur is a convolutional neural network trained to identify string encodings associated with data-exfiltration techniques in DNS. Using a character embedding table and a bottleneck convolutional architecture, we achieve an efficient and accurate technique to distinguish exfiltration labels from the domain name labels that are prevalent in DNS. In addition to low false-positive requirements, fast and...
Authenticated Denial of Existence is one of the more challenging aspects of the DNSSEC protocol to understand. It is also one of the leading causes of implementation bugs in the field (as I've described at past OARC talks). Over time, a number of distinct variants of authenticated denial have emerged further complicating the landscape. This presentation will survey and compare the various...
DNSSEC online signing is computationally expensive. In general, a DNSSEC signature cache can reduce the overhead of generating signatures on the fly. However, signature caching is not effective for responses to wildcard records in current Compact Denial of Existence implementations, because query names can be unique and still valid under wildcard expansion. In this talk, we present a new method of...
The cache is arguably the most crucial component for the performance of a recursive resolver as perceived by its clients. In the case of a cache hit, the client receives a response without requiring the resolver to query the authoritative servers. Conversely, in the case of a cache miss, at least one (but often more) query to the authoritative servers is required.
Decisions about the...
The Internet relies on names: the ability to register and use domain names is fundamental to internet-based services. The global, distributed infrastructure that enables naming on the Internet depends on open-source software, maintained by a delicate balance of nonprofit organizations, volunteers, and commercial entities.
In this context, ICANN’s Security and Stability Advisory Committee...
It is no secret that DNS-over-HTTPS has a mixed reputation among the DNS community. While most of the discussion revolves around privacy and centralization, censorship resiliency is often overlooked.
In this talk I want to talk about why built-in censorship resistance has tangible benefits, how societal circumstances are another factor alongside technical design for DNS deployments and have...