[dns-operations] fyi-- "The Domain Name Service as an IDS"
Roland Dobbins
rdobbins at cisco.com
Wed Aug 16 17:21:41 UTC 2006

On Aug 16, 2006, at 9:54 AM, Paul Vixie wrote:

> "How DNS can be used for detecting and monitoring badware in a
> network"

Kumamoto University in Tokyo have also done some interesting
preliminary work in this arena:

http://www.cc.kumamoto-u.ac.jp/~musashi/musashicsec27.pdf
http://www.cc.kumamoto-u.ac.jp/~musashi/dsm32-12.pdf

The DNS is a tremendous source for behavioral information; one should
think that anomaly-detection techniques could be applied to DNS
queries in much the same way as they can be to NetFlow telemetry.

BGP and the various IGPs are another underutilized trove of
operationally-relevant information.

--------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.528.6376 voice
Some problems are so complex that you have to be highly intelligent
and well-informed just to be undecided about them.
-- Laurence J. Peter