Detection and Forensics on DNS Tunneling
DNS Tunneling
Tim Helming, DomainTools
Agenda
[Diagram: (1) EvilDomain.TLD registration; (2) EvilDomain authoritative DNS; steps 3 and 4; IP address 1.2.3.4]
Greenbug/ISMDoor Malware
[Diagram labels: bot-generated session ID; static, invalid addy: “Hi, bot!”]
[Diagram labels: pwnyoudomain.com; lulzdomain.com; wewinulosedomain.com; DNS data hemorrhage; data trickle]
info@domaintools.com