DNS SCANNING |
| 2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning |
DNS |
| 2019-12-29/a> | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-07/a> | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-11-25/a> | Xavier Mertens | My Little DoH Setup |
| 2019-10-25/a> | Rob VandenBrink | More on DNS Archeology (with PowerShell) |
| 2019-10-21/a> | Jim Clausing | What's up with TCP 853 (DNS over TLS)? |
| 2019-09-12/a> | Xavier Mertens | Blocking Firefox DoH with Bind |
| 2019-07-17/a> | Xavier Mertens | Analyzis of DNS TXT Records |
| 2019-07-13/a> | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing |
| 2019-07-09/a> | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS |
| 2019-06-16/a> | Didier Stevens | Sysmon Version 10: DNS Logging |
| 2019-03-27/a> | Xavier Mertens | Running your Own Passive DNS Service |
| 2019-01-31/a> | Xavier Mertens | Tracking Unexpected DNS Changes |
| 2019-01-22/a> | Xavier Mertens | DNS Firewalling with MISP |
| 2018-09-22/a> | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall |
| 2017-12-13/a> | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-11-16/a> | Xavier Mertens | Suspicious Domains Tracking Dashboard |
| 2017-10-20/a> | Rick Wanner | One year Anniversary of Dyn DDOS |
| 2017-10-02/a> | Xavier Mertens | Investigating Security Incidents with Passive DNS |
| 2017-06-14/a> | Xavier Mertens | Systemd Could Fallback to Google DNS? |
| 2017-04-20/a> | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2016-10-23/a> | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-06-12/a> | Guy Bruneau | DNS Sinkhole ISO Version 2.0 |
| 2016-04-28/a> | Rob VandenBrink | DNS and DHCP Recon using Powershell |
| 2015-11-22/a> | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-08/a> | Rick Wanner | DNS Reconnaissance using nmap |
| 2015-08-19/a> | Bojan Zdrnja | Outsourcing critical infrastructure (such as DNS) |
| 2015-02-19/a> | Daniel Wesemann | DNS-based DDoS |
| 2014-06-02/a> | Rick Wanner | Using nmap to scan for DDOS reflectors |
| 2014-05-20/a> | Johannes Ullrich | Detecting Queries to "odd" DNS Servers |
| 2014-04-30/a> | Johannes Ullrich | Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic |
| 2014-04-30/a> | Russ McRee | UltraDNS DDOS |
| 2014-02-04/a> | Johannes Ullrich | Do you block "new" domain names? |
| 2014-01-30/a> | Johannes Ullrich | New gTLDs appearing in the root zone |
| 2013-12-21/a> | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-11-19/a> | Jim Clausing | Updated dumpdns.pl |
| 2013-11-04/a> | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-10-21/a> | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do" |
| 2013-10-17/a> | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-10-10/a> | Johannes Ullrich | google.com.my DNS hijack |
| 2013-10-08/a> | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack |
| 2013-10-02/a> | Johannes Ullrich | CSAM: Misc. DNS Logs |
| 2013-09-26/a> | Johannes Ullrich | How do you monitor DNS? |
| 2013-09-02/a> | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released |
| 2013-08-14/a> | Johannes Ullrich | .GOV zones may not resolve due to DNSSEC problems. |
| 2013-08-07/a> | Mark Hofman | DNS servers hijacked in the Netherlands |
| 2013-07-17/a> | Johannes Ullrich | Network Solutions Outage |
| 2013-07-12/a> | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com) |
| 2013-07-10/a> | Johannes Ullrich | .NL Registrar Compromisse |
| 2013-06-22/a> | Guy Bruneau | .biz DNSSEC DNSKEY is Invalid |
| 2013-06-20/a> | Johannes Ullrich | Linkedin DNS Hijack |
| 2013-06-05/a> | Richard Porter | BIND 9 Update fixing CVE-2013-3919 |
| 2012-12-14/a> | Johannes Ullrich | The "D-root" DNS server (terp.umd.edu) is changing its IP address in January http://seclists.org/nanog/2012/Dec/330 |
| 2012-12-06/a> | Daniel Wesemann | Comodo DNS hiccup on usertrust.com |
| 2012-08-16/a> | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-21/a> | Rick Wanner | TippingPoint DNS Version Request increase |
| 2012-07-21/a> | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-05-21/a> | Kevin Shortt | DNS ANY Request Cannon - Need More Packets |
| 2012-05-16/a> | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses |
| 2012-03-30/a> | Daniel Wesemann | Tomorrow, the world will end |
| 2012-02-23/a> | donald smith | DNS-Changer "clean DNS" extension requested |
| 2012-02-20/a> | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th |
| 2012-02-09/a> | Richard Porter | DNS Ghost Domains, How I loath you so! |
| 2012-01-21/a> | Guy Bruneau | DNS Sinkhole Scripts Fixes/Update |
| 2012-01-18/a> | Johannes Ullrich | Use of Mixed Case DNS Queries |
| 2012-01-13/a> | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2011-12-13/a> | Johannes Ullrich | Possible Widespread DNS Attack (info wanted) |
| 2011-12-05/a> | Stephen Hall | ISC describe DNS crash bug analysis |
| 2011-11-28/a> | Tom Liston | A Puzzlement... |
| 2011-11-16/a> | Jason Lam | Potential 0-day on Bind 9 |
| 2011-11-11/a> | Rick Wanner | What's up with fbi.gov DNS? |
| 2011-11-11/a> | Johannes Ullrich | Details About the fbi.gov DNSSEC Configuration Issue. |
| 2011-11-09/a> | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses |
| 2011-10-15/a> | Guy Bruneau | DNS Sinkhole Parser Script Update |
| 2011-10-10/a> | Tom Liston | What's In A Name? |
| 2011-09-09/a> | Guy Bruneau | IPv6 and DNS Sinkhole |
| 2011-09-04/a> | Lorna Hutcheson | Several Sites Defaced |
| 2011-08-17/a> | Rob VandenBrink | When Good Patches go Bad - a DNS tale that didn't start out that way |
| 2011-08-05/a> | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx |
| 2011-08-05/a> | donald smith | New Mac Trojan: BASH/QHost.WB |
| 2011-07-05/a> | Raul Siles | Two DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4. |
| 2011-06-28/a> | Johannes Ullrich | DNSSEC Tips |
| 2011-06-03/a> | Guy Bruneau | New Poll: How are you dealing with Malicious Domains? |
| 2011-05-09/a> | Johannes Ullrich | Patch for BIND 9.8.0 DoS Vulnerability |
| 2011-04-14/a> | Johannes Ullrich | dshield.org now DNSSEC signed via .org |
| 2011-04-05/a> | Mark Hofman | DNS.be DDOS |
| 2011-01-26/a> | Bojan Zdrnja | Google Chrome and (weird) DNS requests |
| 2010-11-25/a> | Bojan Zdrnja | Secunia's DNS/domain hijacked? |
| 2010-11-13/a> | Guy Bruneau | Register.com DNS Issues |
| 2010-11-04/a> | Johannes Ullrich | DNSSEC Progress for .com and .net |
| 2010-10-03/a> | Adrien de Beaupre | H went down. |
| 2010-09-25/a> | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
| 2010-08-07/a> | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos. |
| 2010-07-29/a> | Rob VandenBrink | NoScript 2.0 released |
| 2010-06-19/a> | Guy Bruneau | DNS Sinkhole ISO Available for Download |
| 2010-05-12/a> | Johannes Ullrich | .de TLD Outage |
| 2010-05-04/a> | Rick Wanner | DNSSEC...not a bang but a whimper? |
| 2010-02-26/a> | Rick Wanner | New version of dnsmap |
| 2010-01-19/a> | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my! |
| 2010-01-12/a> | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering |
| 2010-01-11/a> | Johannes Ullrich | the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports. |
| 2010-01-10/a> | Guy Bruneau | Easy DNS BIND Sinkhole Setup |
| 2009-12-15/a> | Johannes Ullrich | Important BIND name server updates - DNSSEC |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-24/a> | John Bambenek | BIND Security Advisory (DNSSEC only) |
| 2009-11-02/a> | Daniel Wesemann | IDN ccTLDs |
| 2009-10-29/a> | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53 |
| 2009-07-29/a> | Bojan Zdrnja | BIND 9 DoS attacks in the wild |
| 2009-04-26/a> | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS |
| 2009-03-21/a> | Stephen Hall | Updates to ISC BIND |
| 2009-01-31/a> | Swa Frantzen | DNS DDoS - let's use a long term solution |
| 2009-01-18/a> | Daniel Wesemann | DNS queries for "." |
| 2009-01-08/a> | Kyle Haugsness | BIND OpenSSL follow-up |
| 2009-01-07/a> | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector |
| 2008-12-04/a> | Bojan Zdrnja | Rogue DHCP servers |
| 2008-11-25/a> | Andre Ludwig | OS X Dns Changers part three |
| 2008-11-25/a> | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-10-17/a> | Patrick Nolan | Day 17 - Containing a DNS Hijacking |
| 2008-10-08/a> | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning |
| 2008-08-14/a> | Johannes Ullrich | DNSSEC for DShield.org |
| 2008-08-05/a> | Daniel Wesemann | Watching those DNS logs |
| 2008-08-02/a> | Swa Frantzen | BIND: -P2 patches are released |
| 2008-07-25/a> | Swa Frantzen | DNS bug - observations |
| 2008-07-24/a> | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed |
| 2008-07-22/a> | Swa Frantzen | Dan Kaminsky's DNS bug: revealed? - Patch! |
| 2008-07-09/a> | Marcus Sachs | DNS Vulnerability Found by a GSEC Student Three Years Ago! |
| 2008-07-08/a> | Johannes Ullrich | Mulitple Vendors DNS Spoofing Vulnerability |
| 2008-05-19/a> | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric |
| 2008-04-30/a> | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware |
| 2008-03-23/a> | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!) |
SCANNING |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-11-03/a> | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
| 2019-10-20/a> | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder |
| 2019-09-07/a> | Guy Bruneau | Unidentified Scanning Activity |
| 2018-12-23/a> | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
| 2017-11-13/a> | Guy Bruneau | jsonrpc Scanning for root account |
| 2017-04-22/a> | Jim Clausing | WTF tcp port 81 |
| 2016-02-02/a> | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
| 2014-09-19/a> | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
| 2014-02-15/a> | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it |
| 2014-02-13/a> | Johannes Ullrich | Linksys Worm ("TheMoon") Captured |
| 2014-02-12/a> | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers |
| 2013-12-19/a> | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays |
| 2013-12-09/a> | Rob VandenBrink | Scanning without Scanning |
| 2013-10-17/a> | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-08-19/a> | Rob VandenBrink | ZMAP 1.02 released |
| 2012-11-30/a> | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html |
| 2012-06-27/a> | Daniel Wesemann | What's up with port 79 ? |
| 2011-07-17/a> | Mark Hofman | SSH Brute Force |
| 2011-02-28/a> | Deborah Hale | Possible Botnet Scanning |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-02-01/a> | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
| 2009-06-26/a> | Mark Hofman | PHPMYADMIN scans |
| 2009-06-24/a> | Kyle Haugsness | TCP scanning increase for 4899 |
| 2009-02-01/a> | Chris Carboni | Scanning for Trixbox vulnerabilities |
