Internet Storm Center
DNS SCANNING
Date | Author | Title
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
DNS
Date | Author | Title
2023-01-23 | Xavier Mertens | Who's Resolving This Domain?
2022-08-31 | Johannes Ullrich | Underscores and DNS: The Privacy Story
2022-08-10 | Johannes Ullrich | And Here They Come Again: DNS Reflection Attacks
2022-04-29 | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration
2021-12-17 | Rob VandenBrink | DR Automation - Using Public DNS APIs
2021-10-04 | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on.
2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs
2021-07-31 | Guy Bruneau | Unsolicited DNS Queries
2021-06-19 | Xavier Mertens | Easy Access to the NIST RDS Database
2021-05-30 | Didier Stevens | Video: Cobalt Strike & DNS - Part 1
2021-05-20 | Johannes Ullrich | New YouTube Video Series: Everything you ever wanted to know about DNS and more!
2021-01-25 | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2021-01-15 | Guy Bruneau | Obfuscated DNS Queries
2020-12-16 | Daniel Wesemann | DNS Logs in Public Clouds
2020-12-08 | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-10-30 | Xavier Mertens | Quick Status of the CAA DNS Record Adoption
2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers
2020-07-16 | John Bambenek | Hunting for SigRed Exploitation
2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2019-12-29 | Guy Bruneau | ELK Dashboard for Pihole Logs
2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash
2019-11-25 | Xavier Mertens | My Little DoH Setup
2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell)
2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?
2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records
2019-07-13 | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-09 | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
2019-06-16 | Didier Stevens | Sysmon Version 10: DNS Logging
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service
2019-01-31 | Xavier Mertens | Tracking Unexpected DNS Changes
2019-01-22 | Xavier Mertens | DNS Firewalling with MISP
2018-09-22 | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall
2018-02-25 | Guy Bruneau | Blackhole Advertising Sites with Pi-hole
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains
2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard
2017-10-20 | Rick Wanner | One year Anniversary of Dyn DDOS
2017-10-02 | Xavier Mertens | Investigating Security Incidents with Passive DNS
2017-06-14 | Xavier Mertens | Systemd Could Fallback to Google DNS?
2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter
2016-10-23 | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-12 | Guy Bruneau | DNS Sinkhole ISO Version 2.0
2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell
2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat
2015-11-08 | Rick Wanner | DNS Reconnaissance using nmap
2015-08-19 | Bojan Zdrnja | Outsourcing critical infrastructure (such as DNS)
2015-02-19 | Daniel Wesemann | DNS-based DDoS
2014-06-02 | Rick Wanner | Using nmap to scan for DDOS reflectors
2014-05-20 | Johannes Ullrich | Detecting Queries to "odd" DNS Servers
2014-04-30 | Johannes Ullrich | Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic
2014-04-30 | Russ McRee | UltraDNS DDOS
2014-02-04 | Johannes Ullrich | Do you block "new" domain names?
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-11-19 | Jim Clausing | Updated dumpdns.pl
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting
2013-10-21 | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
2013-10-10 | Johannes Ullrich | google.com.my DNS hijack
2013-10-08 | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack
2013-10-02 | Johannes Ullrich | CSAM: Misc. DNS Logs
2013-09-26 | Johannes Ullrich | How do you monitor DNS?
2013-09-02 | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released
2013-08-14 | Johannes Ullrich | .GOV zones may not resolve due to DNSSEC problems.
2013-08-07 | Mark Hofman | DNS servers hijacked in the Netherlands
2013-07-17 | Johannes Ullrich | Network Solutions Outage
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-10 | Johannes Ullrich | .NL Registrar Compromisse
2013-06-22 | Guy Bruneau | .biz DNSSEC DNSKEY is Invalid
2013-06-20 | Johannes Ullrich | Linkedin DNS Hijack
2013-06-05 | Richard Porter | BIND 9 Update fixing CVE-2013-3919
2012-12-14 | Johannes Ullrich | The "D-root" DNS server (terp.umd.edu) is changing its IP address in January http://seclists.org/nanog/2012/Dec/330
2012-12-06 | Daniel Wesemann | Comodo DNS hiccup on usertrust.com
2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script
2012-07-24 | Richard Porter | Report of spike in DNS Queries gd21.net
2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase
2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people!
2012-05-21 | Kevin Shortt | DNS ANY Request Cannon - Need More Packets
2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-03-30 | Daniel Wesemann | Tomorrow, the world will end
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2012-02-20 | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th
2012-02-09 | Richard Porter | DNS Ghost Domains, How I loath you so!
2012-01-21 | Guy Bruneau | DNS Sinkhole Scripts Fixes/Update
2012-01-18 | Johannes Ullrich | Use of Mixed Case DNS Queries
2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs
2011-12-13 | Johannes Ullrich | Possible Widespread DNS Attack (info wanted)
2011-12-05 | Stephen Hall | ISC describe DNS crash bug analysis
2011-11-28 | Tom Liston | A Puzzlement...
2011-11-16 | Jason Lam | Potential 0-day on Bind 9
2011-11-11 | Rick Wanner | What's up with fbi.gov DNS?
2011-11-11 | Johannes Ullrich | Details About the fbi.gov DNSSEC Configuration Issue.
2011-11-09 | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-10-15 | Guy Bruneau | DNS Sinkhole Parser Script Update
2011-10-10 | Tom Liston | What's In A Name?
2011-09-09 | Guy Bruneau | IPv6 and DNS Sinkhole
2011-09-04 | Lorna Hutcheson | Several Sites Defaced
2011-08-17 | Rob VandenBrink | When Good Patches go Bad - a DNS tale that didn't start out that way
2011-08-05 | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-08-05 | donald smith | New Mac Trojan: BASH/QHost.WB
2011-07-05 | Raul Siles | Two DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4.
2011-06-28 | Johannes Ullrich | DNSSEC Tips
2011-06-03 | Guy Bruneau | New Poll: How are you dealing with Malicious Domains?
2011-05-09 | Johannes Ullrich | Patch for BIND 9.8.0 DoS Vulnerability
2011-04-14 | Johannes Ullrich | dshield.org now DNSSEC signed via .org
2011-04-05 | Mark Hofman | DNS.be DDOS
2011-01-26 | Bojan Zdrnja | Google Chrome and (weird) DNS requests
2010-11-25 | Bojan Zdrnja | Secunia's DNS/domain hijacked?
2010-11-13 | Guy Bruneau | Register.com DNS Issues
2010-11-04 | Johannes Ullrich | DNSSEC Progress for .com and .net
2010-10-03 | Adrien de Beaupre | H went down.
2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-08-07 | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos.
2010-07-29 | Rob VandenBrink | NoScript 2.0 released
2010-06-19 | Guy Bruneau | DNS Sinkhole ISO Available for Download
2010-05-12 | Johannes Ullrich | .de TLD Outage
2010-05-04 | Rick Wanner | DNSSEC...not a bang but a whimper?
2010-02-26 | Rick Wanner | New version of dnsmap
2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-12 | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering
2010-01-11 | Johannes Ullrich | the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports.
2010-01-10 | Guy Bruneau | Easy DNS BIND Sinkhole Setup
2009-12-15 | Johannes Ullrich | Important BIND name server updates - DNSSEC
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-11-24 | John Bambenek | BIND Security Advisory (DNSSEC only)
2009-11-02 | Daniel Wesemann | IDN ccTLDs
2009-10-29 | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53
2009-07-29 | Bojan Zdrnja | BIND 9 DoS attacks in the wild
2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS
2009-03-21 | Stephen Hall | Updates to ISC BIND
2009-01-31 | Swa Frantzen | DNS DDoS - let's use a long term solution
2009-01-18 | Daniel Wesemann | DNS queries for "."
2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up
2009-01-07 | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-04 | Bojan Zdrnja | Rogue DHCP servers
2008-11-25 | Andre Ludwig | OS X Dns Changers part three
2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems?
2008-10-17 | Patrick Nolan | Day 17 - Containing a DNS Hijacking
2008-10-08 | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning
2008-08-14 | Johannes Ullrich | DNSSEC for DShield.org
2008-08-05 | Daniel Wesemann | Watching those DNS logs
2008-08-02 | Swa Frantzen | BIND: -P2 patches are released
2008-07-25 | Swa Frantzen | DNS bug - observations
2008-07-24 | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed
2008-07-22 | Swa Frantzen | Dan Kaminsky's DNS bug: revealed? - Patch!
2008-07-09 | Marcus Sachs | DNS Vulnerability Found by a GSEC Student Three Years Ago!
2008-07-08 | Johannes Ullrich | Mulitple Vendors DNS Spoofing Vulnerability
2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric
2008-04-30 | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware
2008-03-23 | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!)
SCANNING
Date | Author | Title
2022-08-26 | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark
2022-07-23 | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI
2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery
2021-10-09 | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities
2021-08-13 | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery
2021-07-10 | Guy Bruneau | Scanning for Microsoft Secure Socket Tunneling Protocol
2021-06-26 | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12 | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-05-08 | Guy Bruneau | Who is Probing the Internet for Research Purposes?
2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning
2021-02-13 | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs
2020-12-05 | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04 | Guy Bruneau | Detecting Actors Activity with Threat Intel
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-03 | Guy Bruneau | Scanning for SOHO Routers
2020-08-22 | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08 | Guy Bruneau | Scanning Activity Include Netcat Listener
2020-07-19 | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11 | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit
2020-06-13 | Guy Bruneau | Mirai Botnet Activity
2020-05-16 | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-04-07 | Johannes Ullrich | Increase in RDP Scanning
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services
2020-02-29 | Guy Bruneau | Hazelcast IMDG Discover Scan
2019-11-23 | Guy Bruneau | Local Malware Analysis with Malice
2019-11-03 | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-20 | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder
2019-09-07 | Guy Bruneau | Unidentified Scanning Activity
2018-12-23 | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet
2017-11-13 | Guy Bruneau | jsonrpc Scanning for root account
2017-04-22 | Jim Clausing | WTF tcp port 81
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org .
2014-09-19 | Guy Bruneau | Web Scan looking for /info/whitelist.pac
2014-02-15 | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it
2014-02-13 | Johannes Ullrich | Linksys Worm ("TheMoon") Captured
2014-02-12 | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-12-19 | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays
2013-12-09 | Rob VandenBrink | Scanning without Scanning
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
2013-08-19 | Rob VandenBrink | ZMAP 1.02 released
2012-11-30 | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-06-27 | Daniel Wesemann | What's up with port 79 ?
2011-07-17 | Mark Hofman | SSH Brute Force
2011-02-28 | Deborah Hale | Possible Botnet Scanning
2010-08-10 | Daniel Wesemann | SSH - new brute force tool?
2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-06-26 | Mark Hofman | PHPMYADMIN scans
2009-06-24 | Kyle Haugsness | TCP scanning increase for 4899
2009-02-01 | Chris Carboni | Scanning for Trixbox vulnerabilities