[dns-operations] fyi-- "The Domain Name Service as an IDS"

Roland Dobbins rdobbins at cisco.com
Wed Aug 16 17:21:41 UTC 2006

On Aug 16, 2006, at 9:54 AM, Paul Vixie wrote:

> "How DNS can be used for detecting and monitoring badware in a  
> network"

Kumamoto University in Tokyo have also done some interesting  
preliminary work in this arena:



The DNS is a tremendous source for behavioral information; one should  
think that anomaly-detection techniques could be applied to DNS  
queries in much the same way as they can be to NetFlow telemetry.

BGP and the various IGPs are another underutilized trove of  
operationally-relevant information.

Roland Dobbins <rdobbins at cisco.com> // 408.528.6376 voice

Some problems are so complex that you have to be highly intelligent
and well-informed just to be undecided about them.

   	      	    -- Laurence J. Peter

More information about the dns-operations mailing list