
DNS Fundamentals

(An Anti-Abuse Perspective)


Carlos Álvarez, IS-SSR Team | Steve Conte, Office of the CTO
18 May 2016
Domain Name System

1 Resolution Process
• Internet Identifiers
• Structure and Resolution

2 Registration Process
• Parties Involved
• Registration
• Whois

3 Why all this matters: Anti-Abuse

DNS: Internet Identifiers MAC, IP, Domains

DNS: Structure and Resolution string.tld.

[Figure: the DNS name hierarchy as a tree]
• root – “.”
• Top Level Domain (TLD) – “.org.” (labels shown: edu, org, club, biz, ar)
• Second Level Domain (SLD), 2nd Level – “icann.org.” (labels shown: any, isoc, icann)
• 3rd Level – “gacweb.icann.org.” (labels shown: whois, gacweb)
DNS: Structure and Resolution string.tld.

[Figure: resolution of the query “www.icann.org?” in steps numbered 1 to 8, involving dns.icann.org, m.root-servers.net, a0.org.afilias-nst.info and ns1.icann.org]
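The referral chain in the figure above, as an added example that is not part of the original slides: a toy iterative resolver walks from the root to the authoritative server for www.icann.org and refuses any response outside the zone a server was delegated. The server names are the ones on the slide; the delegation table, the address 192.0.2.10 and the bailiwick rule as written here are constructed assumptions.

```python
# Constructed delegation data (not real zone contents). Each server maps a
# name to a referral ("NS", next server) or a final answer ("A", address).
SERVERS = {
    "m.root-servers.net": {"org.": ("NS", "a0.org.afilias-nst.info")},
    "a0.org.afilias-nst.info": {"icann.org.": ("NS", "ns1.icann.org")},
    "ns1.icann.org": {"www.icann.org.": ("A", "192.0.2.10")},  # documentation IP
}
ROOT = "m.root-servers.net"


def in_zone(qname, zone):
    """True if qname is zone itself or a subdomain of it, on a label boundary."""
    return zone == "." or qname == zone or qname.endswith("." + zone)


def query(server, qname):
    """Most specific record the server holds that covers qname, or None."""
    hits = [(z, r) for z, r in SERVERS[server].items()
            if (qname == z if r[0] == "A" else in_zone(qname, z))]
    return max(hits, key=lambda h: len(h[0])) if hits else None


def resolve(qname, max_referrals=8):
    """Walk referrals from the root. Returns (address or None, trace)."""
    qname = qname.lower().rstrip(".") + "."
    server, bailiwick, trace = ROOT, ".", []
    for _ in range(max_referrals):  # bound the walk so referral loops end
        hit = query(server, qname)
        if hit is None:
            trace.append((server, "no data"))
            return None, trace
        zone, (rtype, value) = hit
        if not in_zone(zone, bailiwick):
            # A server speaking for names outside its delegated zone is the
            # shape cache poisoning relies on; drop it instead of following.
            trace.append((server, "rejected: out of bailiwick"))
            return None, trace
        trace.append((server, f"{rtype} {zone} -> {value}"))
        if rtype == "A":
            return value, trace
        server, bailiwick = value, zone  # follow the referral downwards
    return None, trace


if __name__ == "__main__":
    addr, steps = resolve("www.icann.org")
    for srv, what in steps:
        print(f"{srv:26} {what}")
    print("answer:", addr)
```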

DNS: Registration Process Who does what?

DNS: Registration Process

• SRS (market competition) / EPP
• Availability check / response
• Provision of account information and WHOIS
• Registrar receives, adds to own DB, forwards to Registry
• Registry adds entry in its zone

[Figure: excerpt showing <command> and <create>]

DNS: WHOIS Registration Info

Contacts: Registrant, Admin Contact, Tech Contact, Billing Contact

• Postal address, email, phone, fax
• Timestamps, statuses, name servers
• Accuracy
• Validation, i.e. emails in RFC 5322, phone numbers in ITU-T E.164, postal addresses in UPU or S42 format template
• Verification: Registrant or Account Holder email or telephone requiring affirmative response
DNS: Why all this matters Anti-Abuse


Some hot topics regarding abuse of registration services:


– Resellers: Identified by Registrar? Responsive?
– Privacy/Proxy services: Relay/Reveal
– Compliance with RAA abuse provisions: Review and Respond
• Suspension/cancellation of malicious domains?
• DNS Sinkholing?
• Not enough data or false positive?
– Domain Generation Algorithms: Automated!
– Threats:
• Botnet command and control
• Malware distribution
• Phishing/pharming

DNS: Why all this matters Anti-Abuse

Some hot topics regarding abuse of resolution services:


[Figure: the resolution diagram, steps 1 to 8, with dns.icann.org, m.root-servers.net, a0.org.afilias-nst.info and ns1.icann.org]

DNS Hijacking / Cache Poisoning

DNS: Why all this matters Anti-Abuse

Some hot topics regarding abuse of resolution services:


[Figure: DNS Servers (ISPs, own), http://string.tld, Victim]

Reflection+Amplification=DDoS
ICANN One World. One Internet

Engage with ICANN

Questions?
carlos.alvarez@icann.org / steve.conte@icann.org
@isitreallysafe
