Tag: DNS
[SANS ISC] My Little DoH Setup
I published the following diary on isc.sans.edu: “My Little DoH Setup“. “DoH”, this three-letter acronym is a buzzword on the Internet in 2019! It has been implemented in Firefox, and Microsoft announced that Windows will support it soon. There are pros & cons about encrypting DNS requests in HTTPS but it’s not the
[SANS ISC] Suspicious Domains Tracking Dashboard
I published the following diary on isc.sans.org: “Suspicious Domains Tracking Dashboard“. Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity from occurring on your network (for example by using a DNS firewall). The ISC also has a page dedicated to domain names. But how
[SANS ISC] Systemd Could Fallback to Google DNS?
I published the following diary on isc.sans.org: “Systemd Could Fallback to Google DNS?“. Google is everywhere and provides free services to everyone. Amongst the huge list of services publicly available, there are the Google DNS, well known as 8.8.8.8, 8.8.4.4 (IPv4) and 2001:4860:4860::8888, 2001:4860:4860::8844 (IPv6)…
[SANS ISC] DNS Query Length… Because Size Does Matter
I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is
DNS Hijacking With Just One Mail
This is not new but it still happens in 2014… Hijacking a website with just a small e-mail. Here are the facts. For a while, I’ve been hosting a friend’s website. His website is quite old and it has already moved from server to server depending on my deployed infrastructure. A few
“The Weakest Link” is Back!
Yesterday, I went to bed very late after writing some documentation. Everything looked quiet on the Intertubes. A last check on my Twitter timeline and I quickly fell asleep. This morning, I woke up and started my daily ritual… Coffee, mail, RSS feeds, Coffee, Twitter timeline… Wooow! Did I miss
DNS Amplification Attack: Is Belgium Safe?
For a while now, DDoS attacks have been back on stage and one of the classic techniques still used today is the DNS Amplification attack. I won’t explain again the ins and outs, there are plenty of websites available which describe it – like the good article from CERT.be. This type of attack is
Malicious DNS Traffic: Detection is Good, Proactivity is Better
It looks like our beloved DNS protocol is again the center of interest for some security $VENDORS. For a while now, I’ve been seeing the expression “DNS Firewall” used more and more in papers or presentations. It’s not a new buzz… The DNS protocol is well-known to be an excellent vector of
GoDaddy Outage: RFC for Dummies
Yesterday was a black day for GoDaddy.com. During a few hours all their hosting services were interrupted. Mail, websites, but, worse, all the DNS services were unavailable. The outage was caused by a member of Anonymous, as said on Twitter, but it’s not yet clear. Personally, who’s behind the attack,
Procrastination is Bad! (Also in Information Security)
Today was the last day of activity of the FBI servers which replaced the rogue DNS used by the DNSChanger malware. They allowed people infected by the virus to continue to work “as usual“. I won’t come back on this very long story. You should be back from a trip