dnswitness recent developments and the new passive monitor
play

DNSwitness: recent developments and the new passive monitor St - PowerPoint PPT Presentation

Jan 17, 2023 •19 likes •689 views

DNSwitness: recent developments and the new passive monitor St ephane Bortzmeyer AFNIC bortzmeyer@nic.fr RIPE 59 - Lisbon - October 2009 1 DNSwitness: recent developments and the new passive monitor / Where are we in the talk? Reminder

  1. DNSwitness: recent developments and the new passive monitor St´ ephane Bortzmeyer AFNIC bortzmeyer@nic.fr RIPE 59 - Lisbon - October 2009 1 DNSwitness: recent developments and the new passive monitor /

  2. Where are we in the talk? Reminder about DNSwitness 1 Measurements based on passive observations 2 Preliminary Results 3 Future work 4 Measurements based on active queries 5 2 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  3. What is AFNIC AFNIC is the registry for the TLD “ .fr ” (France) . 54 employees, 1.5 million domain names and a R&D department. 3 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  4. Motivation A DNS registry has a lot of information it does not use. Our marketing team or the technical team ask for all sorts of things (“How many of our domains are used for e-mail only?”) for which we may have the answer. 4 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  5. More specific motivation Getting information about the deployment of new techniques like IPv6 We focus on things that we can obtain from the DNS because we are a domain name registry. 5 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  6. More specific motivation Getting information about the deployment of new techniques like IPv6 We focus on things that we can obtain from the DNS because we are a domain name registry. Possible surveys: IPv6, SPF, DNSSEC, EDNS0, Zonecheck. . . Let’s build a multi-purpose platform for that! 5 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  7. Other aims 1. Versatile , able to do many different surveys (most known tools deal only with one survey), 2. Works unattended (from cron, for instance), for periodic runs, 3. Stores raw results, not just aggregates, for long-term analysis, 4. Designed to be distributable, 5. Designed to be usable by small and medium actors (“ send the program to the users, not the data to a centralized analysis fabric ”). 6 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  8. What we can learn from the DNS (and beyond) ◮ What we send out : active DNS queries sent to domain name servers. Active measurements. (Presented at the RIPE 57 meeting in Dubai.) 7 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  9. What we can learn from the DNS (and beyond) ◮ What we send out : active DNS queries sent to domain name servers. Active measurements. (Presented at the RIPE 57 meeting in Dubai.) ◮ What comes in : DNS queries received by authoritative name servers, passively monitored (“Who knocks at the door and what are they asking for?”). Passive measurements. 7 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  10. What we can learn from the DNS (and beyond) ◮ What we send out : active DNS queries sent to domain name servers. Active measurements. (Presented at the RIPE 57 meeting in Dubai.) ◮ What comes in : DNS queries received by authoritative name servers, passively monitored (“Who knocks at the door and what are they asking for?”). Passive measurements. We work on both, study the long-term evolution and publish results. 7 DNSwitness: recent developments and the new passive monitor / Reminder about DNSwitness

  11. Where are we in the talk? Reminder about DNSwitness 1 Measurements based on passive observations 2 Preliminary Results 3 Future work 4 Measurements based on active queries 5 8 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  12. Passive observation of queries It works by passive monitoring of the “ fr ” name servers. We are talking about long-term monitoring, not just the quick glance that DSC offers. The idea is to address the needs of the R&D or of the marketing, not just the needs of the NOC. 9 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  13. Passive observation of queries It works by passive monitoring of the “ fr ” name servers. We are talking about long-term monitoring, not just the quick glance that DSC offers. The idea is to address the needs of the R&D or of the marketing, not just the needs of the NOC. It works mostly by Ethernet port mirroring. 9 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  14. Expected uses of the passive measurements It allows us to survey things like: 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  15. Expected uses of the passive measurements It allows us to survey things like: ◮ Percentage of servers without SPR (Source Port Randomisation, see “ .at ” publications). 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  16. Expected uses of the passive measurements It allows us to survey things like: ◮ Percentage of servers without SPR (Source Port Randomisation, see “ .at ” publications). ◮ Percentage of queries done over IPv6 transport (unlike DSC, we will be able to study long-term trends). 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  17. Expected uses of the passive measurements It allows us to survey things like: ◮ Percentage of servers without SPR (Source Port Randomisation, see “ .at ” publications). ◮ Percentage of queries done over IPv6 transport (unlike DSC, we will be able to study long-term trends). ◮ Percentage of queries with EDNS0 or DO. 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  18. Expected uses of the passive measurements It allows us to survey things like: ◮ Percentage of servers without SPR (Source Port Randomisation, see “ .at ” publications). ◮ Percentage of queries done over IPv6 transport (unlike DSC, we will be able to study long-term trends). ◮ Percentage of queries with EDNS0 or DO. ◮ Top N domains for which there is a NXDOMAIN reply. 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  19. Expected uses of the passive measurements It allows us to survey things like: ◮ Percentage of servers without SPR (Source Port Randomisation, see “ .at ” publications). ◮ Percentage of queries done over IPv6 transport (unlike DSC, we will be able to study long-term trends). ◮ Percentage of queries with EDNS0 or DO. ◮ Top N domains for which there is a NXDOMAIN reply. ◮ But the list is open. . . 10 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  20. Sampling Packet trace files can grow very large Dozens of gigabytes are very common. And, to process such humongous data, you need a lot of RAM! 11 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  21. Sampling Packet trace files can grow very large Dozens of gigabytes are very common. And, to process such humongous data, you need a lot of RAM! Sampling is often the only solution, unless you have a lot of disk and machine power 11 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  22. A framework for sampling ◮ RFC 5474, A Framework for Packet Selection and Reporting (the general framework and the concepts) ◮ RFC 5475, Sampling and Filtering Techniques for IP Packet Selection (actual techniques) ◮ RFC 5476, Packet Sampling (PSAMP) Protocol Specifications (not used by DNSmezzo) Among the sampling techniques listed by RFC 5475: systematic count-based, systematic time-based, random (with various distributions), . . . 12 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  23. Limits of sampling Sampling makes sampling errors . If a phenomenon is rare, sampling can make it disappear completely. . . or promote it if it falls in the sampling window! 13 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  24. Limits of sampling Sampling makes sampling errors . If a phenomenon is rare, sampling can make it disappear completely. . . or promote it if it falls in the sampling window! Do not forget to plot the error bars. 13 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

  25. Limits of sampling Sampling is not suitable for many security studies: the attack can be just between the sampled packets. Example: BIND dynamic update DoS attack of 2009 where one packet was enough. References: section 9 of RFC 5475 and S. Goldberg, J. Rexford, ”Security Vulnerabilities and Solutions for Packet Sampling”, IEEE Sarnoff Symposium, Princeton, NJ, May 2007 http://www.cs. princeton.edu/~jrex/papers/psamp-security07.pdf . 13 DNSwitness: recent developments and the new passive monitor / Measurements based on passive observations

Recommend

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments

Hand arm Vibration & Hand-arm Vibration & Recent Developments Recent Developments Stuart McGregor & Bruce Appleton Noise & Vibration Specialists p Health & Safety Executive What we are going to talk about What we are

415 views • 28 slides
Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments Mathew Joseph Senior Consultant, ICRIER India-Taiwan Relations ICRIER-CIER Joint Feasibility Study New Delhi 1 7 January 2011 1 Structure 1. An

505 views • 18 slides
The use of passive samplers to monitor effectiveness of AC amendment to contaminated sediments

The use of passive samplers to monitor effectiveness of AC amendment to contaminated sediments

The use of passive samplers to monitor effectiveness of AC amendment to contaminated sediments Amy M.P. Oen, Elisabeth M.L. Janssen, Gerard Cornelissen, Gijs D. Breedveld, Espen Eek and Richard G. Luthy NORDROCS 2012 Oslo, Norway 18-21

215 views • 20 slides
Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

REPUBLIC OF INDONESIA Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by Investors Relations Unit Republic Indonesia Address Bank Indonesia International Directorate / Division of Foreign Debt Analysis

1.65k views • 115 slides
Malaysia Economic Monitor The Quest for Productivity Growth 1 Contents RECENT ECONOMIC

Malaysia Economic Monitor The Quest for Productivity Growth 1 Contents RECENT ECONOMIC

Malaysia Economic Monitor The Quest for Productivity Growth 1 Contents RECENT ECONOMIC DEVELOPMENTS AND OUTLOOK External environment Domestic economic developments Outlook THE QUEST FOR PRODUCTIVITY GROWTH Productivity

734 views • 56 slides
Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments Announcement on definition Fuel Poverty Changing the Framework for Measurement: Government response Steps to amend the fuel poverty target

183 views • 15 slides
NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with

1.29k views • 76 slides
Background and involvement in passive seismic Passive Seismic in the Literature World Oil

Background and involvement in passive seismic Passive Seismic in the Literature World Oil

Background and involvement in passive seismic Passive Seismic in the Literature World Oil Article Geo Expo Article AAGP Explorer Article Basic Equipment Gear and ATV Seismometer Data Recorder Monitor Hookup Problems Problems Wind

733 views • 42 slides
FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22 December 2018 CTC - Intensive study course on FEMA Mumbai 1 Conten Co ents Overview of FEMA Inbound Investment Recent Developments FEMA 20

593 views • 35 slides
Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk @CBrownMatrix Overview The reform agenda Recent CJEU developments Recent domestic litigation The reform agenda December 2011: Commission

240 views • 11 slides
Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David

Data Protection in Israel Overview & Recent Developments in Financial Sector David Mirchin Head of Technology Transactions Group 2009 2 2010-2011 Bad luck 3 Topics 1. Context: Recent Developments 2. EU: Israel Adequately

534 views • 28 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Introduction SVAR GMs Application to SVAR Recent Developments Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications Alessio Moneta Max Planck Institute of Economics, Jena 10 December 2009

900 views • 60 slides
Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor Infrastructure and Regulatory Policy WECC Market Interface Committee June 27, 2019 Overview Overview Recent developments at the CPUC

453 views • 8 slides
Disclaimer As we continue to monitor the developments surrounding Coronavirus (COVID-19), this

Disclaimer As we continue to monitor the developments surrounding Coronavirus (COVID-19), this

Texas Apartment Association, Inc. Title slide design to come FAQs on COVID-19 and the Texas Rental Housing Industry March 27, 2020 1 Disclaimer As we continue to monitor the developments surrounding Coronavirus (COVID-19), this seminar

259 views • 5 slides
Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to professors Toshi Futamase, Hideo Kodama and Misao Sasaki Matthias Bartelmann, Heidelberg University, Institute for Theoretical Astrophysics JGRG22,

614 views • 25 slides
Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T Punjabi April 15, 2019 Table of Contents Slide Nos. Sr. No. Particulars From To 1 Synopsis Recent Developments 6 7 2 Synopsis

745 views • 63 slides
Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/ Computer Science Laboratory SRI International Menlo Park, CA August 21, 2006 Sam Owre AFM06 tutorial: 1 Recent PVS

518 views • 28 slides
Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments Whats in the Budget? Recent tax cases Directors Loan Write -Off Scheme Section 415 ITTOIA 2005 taxed as dividend? Espirit

620 views • 36 slides
Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Home Ownership and Right to Buy - Recent Developments Seminar Matthew Saye Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts sales management Recent Developments Primary legislation limited

317 views • 12 slides
Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone

Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone

Recent Developments of JM A Operational NWP Systems and WGNE Intercomparison of Tropical Cyclone Track Forecast M asayuki Nakagawa and colleagues at JM A Numerical Prediction Division Japan M eteorological Agency 1 RECENT DEVELOPM ENTS OF J

591 views • 45 slides
Naviga&ng New Terrain: Recent Developments in Human

Naviga&ng New Terrain: Recent Developments in Human

1/24/18 Naviga&ng New Terrain: Recent Developments in Human Subjects Research Regula&on Heather Pierce, AAMC Laura Odwazny, HHS OGC Kristen

530 views • 15 slides
Recent Developments in Grid C Computing & e-infrastructures in i & i f i India

Recent Developments in Grid C Computing & e-infrastructures in i & i f i India

Recent Developments in Grid C Computing & e-infrastructures in i & i f i India Presented jointly by Prof PS Dhekne BARC Prof P.S. Dhekne, BARC and Dipak Singh, ERNET India April 22, 2009 Recent developments in Grid Computing

671 views • 31 slides
Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut

Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut

Recent Developments of the Commodity Prices Katrin Knauf Hamburgisches WeltWirtschaftsInstitut (HWWI) Structure 1. Overview commodity price index 2. Selection of commodities 3. Development of the commodity price index 4. Recent developments

374 views • 35 slides

More recommend