Dark Side of the DNS Force
us-16-Wu-Dark-Side-Of-The-DNS-Force us-16-Wu-Dark-Side-Of-The-DNS-Force
Intro Subdomain Mechanism Impact Outro Operation Mitigation Mitigation Option • SUBDOMAIN ATTACKS MAY BE MITIGATED WITH VARYING RESULTS: • Drop queries with random strings • Limit queries with random strings • Limit queries per IP address • Limit queries per domain • Drop queries per domain • What about high-value targets?
Intro Subdomain Mechanism Impact Outro Innovation Defense Dark Side Innovation SIMPLE PROTOCOL ABUSE CAN BECOME A MAJOR SECURITY HEADACHE AND COSTLY MITIGATION: • DNS cache poisoning • DNS changer • DNS amplification • DNS subdomain • DNS tunneling
- Page 1 and 2: Dark Side of the DNS Force ERIK WU
- Page 3 and 4: Intro Subdomain Mechanism Impact Ou
- Page 5 and 6: Intro Subdomain Mechanism Impact Ou
- Page 7 and 8: Intro Subdomain Mechanism Impact Ou
- Page 9 and 10: Intro Subdomain Mechanism Impact Ou
- Page 11 and 12: Intro Subdomain Mechanism Impact Ou
- Page 13 and 14: Intro Subdomain Mechanism Impact Ou
- Page 15 and 16: Intro Subdomain Mechanism Impact Ou
- Page 17 and 18: Intro Subdomain Mechanism Impact Ou
- Page 19 and 20: Intro Subdomain Mechanism Impact Ou
- Page 21: Intro Subdomain Mechanism Impact Ou
- Page 25: Thanks and Questions
Intro<br />
Subdomain<br />
Mechanism<br />
Impact<br />
Outro<br />
Operation<br />
Mitigation<br />
Mitigation Option<br />
• SUBDOMAIN ATTACKS MAY BE MITIGATED<br />
WITH VARYING RESULTS:<br />
• Drop queries with random strings<br />
• Limit queries with random strings<br />
• Limit queries per IP address<br />
• Limit queries per domain<br />
• Drop queries per domain<br />
• What about high-value targets?