Dark Side of The DNS Force

by Erik Wu
Sept. 15, 2017 1 comment www.blackhat.com belen_caty

DNS is an essential substrate of the Internet, responsible for translating user-friendly Internet names into machine-friendly IP addresses. Without DNS, it would be an impossible mission for us to navigate through the Internet. In this talk, we will present and discuss an array of new secret weapons behind the emerging DNS-based attacks from the dark side. We will analyze the root causes for the recent surges of the Internet domain counts from 300-million a year ago to over 2-billion. Some real use cases will be shown to illustrate the domain surges' impact on the Internet's availability and stability, especially with spikes up to 5-billion domains. We will focus on the evolution of random subdomain weapon which can generate a large number of queries to nonexistent fully qualified domain names such as 01mp5u89.arkhamnetwork.org and 01k5jj4u.arkhamnetwork.org to overload and knock down both authoritative name servers and cache servers along the query paths.


Steven Ulm 8 months ago

Welcome to the dark side of DNS force, we have cookies. Literally!