CircleID has a comprehensive article on DNSSEC (The DNS Security Extensions): “A Fundamental Look at DNSSEC, Deployment, and DNS Security Extensions” that is worth reading.
Filed under: Information Security | Tagged: DNS | Leave a Comment »
Fun With Anycast (An Oldie But A Goodie)
Posted on August 19, 2006 by purpleslog
From Three Practical Ways to Improve Your Network by Kevin Miller.
I never got a chance to try this (specifically the Anycast‘d DNS Services) at my old job at a network service provider.
The network infrastructure lead was kind of an asshole. He didn’t want to do a DNS upgrade project, but he didn’t want me to [...]
Filed under: Information Technology, Uncategorized | Tagged: DNS | Leave a Comment »
Old Article – Whither DNS?
Posted on July 15, 2006 by purpleslog
From CicleID – Whither DNS?
But the most notable thing about DNS is its receding importance.
and then
Firstly, we’re spending more and more time finding things via search. I bookmark things much less than I used to. I don’t type domain names in very often. The standard approach is to Google the approximately right term. If the [...]
Filed under: Uncategorized | Tagged: DNS | Leave a Comment »
Moving Closer to Real-World DNSSEC Implementations for DNS
Posted on June 23, 2006 by purpleslog
SecuriTeam Blog reports that the ISC (which maintains BIND, a common DNS implementation), is setting up Registry called DLV to allow DNSEC to be rolled out now (not waiting for a Root and TLD servers getting signed).This would certainly hope with cache poisoning. I wonder how quickly organizations will make use of this.
DNS is not [...]
Filed under: Information Security | Tagged: DNS | Leave a Comment »
A Survey of DNS Security: Most Vulnerable and Valuable Assets
Posted on April 26, 2006 by purpleslog
Via digg:
"It is well-known that nameservers in the Domain Name System are vulnerable to a wide range of attacks. We recently performed a large scale survey to answer some basic questions about the legacy DNS"
read more
The article approached DNS security from an interesting point of view. It considered the total number of DNS servers involved [...]
Filed under: Information Security | Tagged: DNS | Leave a Comment »
DNS DDOS Mitigation Update
Posted on April 3, 2006 by purpleslog
I posted on the DNS DDOS attacks here and here.
I realize I left out one of the prudent steps all organizations should enforce as part of their Network Security Policy:
Only allow your internal clients to talk to your own DNS servers. This negates the situation were they are bot'd and used as part of a [...]
Filed under: Information Security | Tagged: DNS | Leave a Comment »
DNS DDOS attack with Splainy Diagrams
Posted on March 28, 2006 by purpleslog
A few days ago, I posted on the recent DNS based DDOS attacks going on.
Nirlog goes all splainy and shows how the attack happens with nicely done graphics.
Filed under: Information Security | Tagged: DNS | Leave a Comment »
DNS-based Distributed Denial of Service attacks
Posted on March 25, 2006 by purpleslog
CNET has a post on recent DNS-based DDOS Attacks:
"In this new kind of attack, an assailant would typically use a botnet to send a large number of queries to open DNS servers. These queries will be "spoofed" to look like they come from the target of the flooding, and the DNS server will reply to [...]
Filed under: Information Security, Lawfare | Tagged: DNS | 1 Comment »
