Dark Side of the DNS Force
us-16-Wu-Dark-Side-Of-The-DNS-Force
Mitigation Option
SUBDOMAIN ATTACKS MAY BE MITIGATED WITH VARYING RESULTS:
• Drop queries with random strings
• Limit queries with random strings
• Limit queries per IP address
• Limit queries per domain
• Drop queries per domain
• What about high-value targets?
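An added example (not from the slides) combining two of the options above, "limit queries with random strings" and "limit queries per domain": a sliding-window limiter that counts only random-looking subdomains per zone, so ordinary names keep resolving. The entropy threshold, window, limit and two-label zone split are assumptions, and the query names are constructed.

```python
import math
from collections import Counter, defaultdict

def label_entropy(s):
    """Shannon entropy in bits per character of a subdomain string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname, zone_labels=2):
    """Split into (subdomain, zone). Assumes the zone is the last two labels;
    a real resolver would consult its zone data or a public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

class RandomSubdomainLimiter:
    def __init__(self, window=10.0, max_random=5, min_entropy=3.0):
        self.window = window             # sliding window in seconds (assumed)
        self.max_random = max_random     # random-looking names allowed per zone per window
        self.min_entropy = min_entropy   # threshold for "random string" (assumed)
        self.recent = defaultdict(list)  # zone -> timestamps of random-looking queries

    def check(self, ts, qname):
        sub, zone = split_name(qname)
        if not sub or label_entropy(sub) < self.min_entropy:
            return "allow"               # apex or ordinary names such as www, mail
        hits = [t for t in self.recent[zone] if ts - t < self.window]
        hits.append(ts)                  # dropped queries still count toward the limit
        self.recent[zone] = hits
        return "drop" if len(hits) > self.max_random else "allow"

# Constructed sample queries: (timestamp in seconds, query name)
SAMPLE = [
    (0.0, "www.example.com"), (0.1, "a8f3kq0zx1.example.com"),
    (0.2, "q9w2e7r4t6.example.com"), (0.3, "m3n8b2v7c1.example.com"),
    (0.4, "p0o9i8u7y6.example.com"), (0.5, "l5k4j3h2g1.example.com"),
    (0.6, "z1x2c3v4b5.example.com"), (0.7, "www.example.com"),
    (0.8, "t7y8u9i0o1.example.com"), (20.0, "k2j4h6g8f0.example.com"),
]

def replay(queries):
    limiter = RandomSubdomainLimiter()
    return [limiter.check(ts, name) for ts, name in queries]

if __name__ == "__main__":
    for (ts, name), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"{ts:5.1f} {name:28} {verdict}")
```

Legitimate services that use machine-generated labels would also be counted by this heuristic, which is one reason results vary.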
Dark Side Innovation
SIMPLE PROTOCOL ABUSE CAN BECOME A MAJOR SECURITY HEADACHE AND COSTLY MITIGATION:
• DNS cache poisoning
• DNS changer
• DNS amplification
• DNS subdomain
• DNS tunneling
Dark Side of the DNS Force (Erik Wu)