OpenDNS is looking for a few good malware people!

Published: 2012-07-21. Last Updated: 2012-07-21 04:39:18 UTC
by Rick Wanner (Version: 1)
2 comment(s)

Most readers of this space will be familiar with OpenDNS for its DNS based approach to Internet filtering.  One of the components of that is a crowd sourced classification of URLs into categories, something that OpenDNS refers to as domain tagging.  OpenDNS is looking to take domain tagging one step further.  OpenDNS CTO, Dan Hubbard, has put out a request  for knowledgeable security people to domain tag the malware category.

If you have a few cycles and you think this might be a fun way to contribute to Internet safety, then please check it out.

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: malware OpenDNS
2 comment(s)

TippingPoint DNS Version Request increase

Published: 2012-07-21. Last Updated: 2012-07-21 04:17:56 UTC
by Rick Wanner (Version: 1)
3 comment(s)
We have received a number of reports from TippingPoint customers that the normally quiet filter #560: DNS version request has been triggering in larger than normal numbers.  The indications are that a large number of source IPs are involved, but the volume is not high enough to be of a concern for potential DOS.  We have not yet been able to view any packets from this traffic.
 
If anybody has any more information, or packets we can review, we would love to hear from you.
 
The summary of filter #560 is:
"This filter detects a request to obtain the version number of the DNS Bind Server. The attacker uses the version information to determine whether the DNS Server is vulnerable to certain buffer overflow or Denial of Service attacks."

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: DNS IDS TippingPoint
3 comment(s)

Comments

Login here to join the discussion.


Diary Archives