Internet Storm Center
DNSCHANGER ISP CLEANUP DNS EXTENSION GHOSTCLICK
Date | Author | Title
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
DNSCHANGER
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2012-02-20 | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th
2011-11-09 | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-08-05 | donald smith | New Mac Trojan: BASH/QHost.WB
ISP
2022-11-10 | Xavier Mertens | Do you collect "Observables" or "IOCs"?
2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense
2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses
2019-01-22 | Xavier Mertens | DNS Firewalling with MISP
2018-11-20 | Xavier Mertens | Querying DShield from Cortex
2018-01-10 | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2017-03-15 | Xavier Mertens | Retro Hunting!
2017-01-26 | Xavier Mertens | IOC's: Risks of False Positive Alerts Flood Ahead
2016-07-12 | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC
2016-05-13 | Xavier Mertens | MISP - Malware Information Sharing Platform
2014-11-04 | Daniel Wesemann | Whois someone else?
2014-02-24 | Russ McRee | Explicit Trusted Proxy in HTTP/2.0 or...not so much
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2011-07-09 | Tony Carothers | Copyright Alert System - What say you?
2009-12-19 | Deborah Hale | Frustrations of ISP Abuse Handling
2009-09-16 | Raul Siles | IETF Draft for Remediation of Bots in ISP Networks
CLEANUP
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2011-03-21 | Kevin Shortt | Port 1434: Sudden Slammer Decline?
2010-11-03 | Kevin Liston | SQL Slammer Clean-up: Roundup and Review
2010-10-29 | Kevin Liston | SQL Slammer Clean-up: Contacting CERTs
2010-10-25 | Kevin Liston | SQL Slammer Clean-up: Switching Viewpoints
2010-10-19 | Kevin Liston | SQL Slammer Clean-up: Picking up the Phone
2010-10-11 | Kevin Liston | SQL Slammer Clean-up: Reporting Upstream
2010-10-04 | Kevin Liston | SQL Slammer Clean-up: How to Report
2010-10-01 | Kevin Liston | Cyber Security Awareness Month Activity: SQL Slammer Clean-up
DNS
2023-01-30 | Johannes Ullrich | Decoding DNS over HTTP(s) Requests
2023-01-23 | Xavier Mertens | Who's Resolving This Domain?
2022-08-31 | Johannes Ullrich | Underscores and DNS: The Privacy Story
2022-08-10 | Johannes Ullrich | And Here They Come Again: DNS Reflection Attacks
2022-04-29 | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration
2021-12-17 | Rob VandenBrink | DR Automation - Using Public DNS APIs
2021-10-04 | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on.
2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs
2021-07-31 | Guy Bruneau | Unsolicited DNS Queries
2021-06-19 | Xavier Mertens | Easy Access to the NIST RDS Database
2021-05-30 | Didier Stevens | Video: Cobalt Strike & DNS - Part 1
2021-05-20 | Johannes Ullrich | New YouTube Video Series: Everything you ever wanted to know about DNS and more!
2021-01-25 | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2021-01-15 | Guy Bruneau | Obfuscated DNS Queries
2020-12-16 | Daniel Wesemann | DNS Logs in Public Clouds
2020-12-08 | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-10-30 | Xavier Mertens | Quick Status of the CAA DNS Record Adoption
2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers
2020-07-16 | John Bambenek | Hunting for SigRed Exploitation
2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2019-12-29 | Guy Bruneau | ELK Dashboard for Pihole Logs
2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash
2019-11-25 | Xavier Mertens | My Little DoH Setup
2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell)
2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?
2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records
2019-07-13 | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-09 | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
2019-06-16 | Didier Stevens | Sysmon Version 10: DNS Logging
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service
2019-01-31 | Xavier Mertens | Tracking Unexpected DNS Changes
2019-01-22 | Xavier Mertens | DNS Firewalling with MISP
2018-09-22 | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall
2018-02-25 | Guy Bruneau | Blackhole Advertising Sites with Pi-hole
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains
2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard
2017-10-20 | Rick Wanner | One year Anniversary of Dyn DDOS
2017-10-02 | Xavier Mertens | Investigating Security Incidents with Passive DNS
2017-06-14 | Xavier Mertens | Systemd Could Fallback to Google DNS?
2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter
2016-10-23 | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-12 | Guy Bruneau | DNS Sinkhole ISO Version 2.0
2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell
2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat
2015-11-08 | Rick Wanner | DNS Reconnaissance using nmap
2015-08-19 | Bojan Zdrnja | Outsourcing critical infrastructure (such as DNS)
2015-02-19 | Daniel Wesemann | DNS-based DDoS
2014-06-02 | Rick Wanner | Using nmap to scan for DDOS reflectors
2014-05-20 | Johannes Ullrich | Detecting Queries to "odd" DNS Servers
2014-04-30 | Johannes Ullrich | Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic
2014-04-30 | Russ McRee | UltraDNS DDOS
2014-02-04 | Johannes Ullrich | Do you block "new" domain names?
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-11-19 | Jim Clausing | Updated dumpdns.pl
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting
2013-10-21 | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
2013-10-10 | Johannes Ullrich | google.com.my DNS hijack
2013-10-08 | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack
2013-10-02 | Johannes Ullrich | CSAM: Misc. DNS Logs
2013-09-26 | Johannes Ullrich | How do you monitor DNS?
2013-09-02 | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released
2013-08-14 | Johannes Ullrich | .GOV zones may not resolve due to DNSSEC problems.
2013-08-07 | Mark Hofman | DNS servers hijacked in the Netherlands
2013-07-17 | Johannes Ullrich | Network Solutions Outage
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-10 | Johannes Ullrich | .NL Registrar Compromisse
2013-06-22 | Guy Bruneau | .biz DNSSEC DNSKEY is Invalid
2013-06-20 | Johannes Ullrich | Linkedin DNS Hijack
2013-06-05 | Richard Porter | BIND 9 Update fixing CVE-2013-3919
2012-12-14 | Johannes Ullrich | The "D-root" DNS server (terp.umd.edu) is changing its IP address in January http://seclists.org/nanog/2012/Dec/330
2012-12-06 | Daniel Wesemann | Comodo DNS hiccup on usertrust.com
2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script
2012-07-24 | Richard Porter | Report of spike in DNS Queries gd21.net
2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase
2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people!
2012-05-21 | Kevin Shortt | DNS ANY Request Cannon - Need More Packets
2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-03-30 | Daniel Wesemann | Tomorrow, the world will end
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2012-02-20 | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th
2012-02-09 | Richard Porter | DNS Ghost Domains, How I loath you so!
2012-01-21 | Guy Bruneau | DNS Sinkhole Scripts Fixes/Update
2012-01-18 | Johannes Ullrich | Use of Mixed Case DNS Queries
2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs
2011-12-13 | Johannes Ullrich | Possible Widespread DNS Attack (info wanted)
2011-12-05 | Stephen Hall | ISC describe DNS crash bug analysis
2011-11-28 | Tom Liston | A Puzzlement...
2011-11-16 | Jason Lam | Potential 0-day on Bind 9
2011-11-11 | Rick Wanner | What's up with fbi.gov DNS?
2011-11-11 | Johannes Ullrich | Details About the fbi.gov DNSSEC Configuration Issue.
2011-11-09 | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-10-15 | Guy Bruneau | DNS Sinkhole Parser Script Update
2011-10-10 | Tom Liston | What's In A Name?
2011-09-09 | Guy Bruneau | IPv6 and DNS Sinkhole
2011-09-04 | Lorna Hutcheson | Several Sites Defaced
2011-08-17 | Rob VandenBrink | When Good Patches go Bad - a DNS tale that didn't start out that way
2011-08-05 | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-08-05 | donald smith | New Mac Trojan: BASH/QHost.WB
2011-07-05 | Raul Siles | Two DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4.
2011-06-28 | Johannes Ullrich | DNSSEC Tips
2011-06-03 | Guy Bruneau | New Poll: How are you dealing with Malicious Domains?
2011-05-09 | Johannes Ullrich | Patch for BIND 9.8.0 DoS Vulnerability
2011-04-14 | Johannes Ullrich | dshield.org now DNSSEC signed via .org
2011-04-05 | Mark Hofman | DNS.be DDOS
2011-01-26 | Bojan Zdrnja | Google Chrome and (weird) DNS requests
2010-11-25 | Bojan Zdrnja | Secunia's DNS/domain hijacked?
2010-11-13 | Guy Bruneau | Register.com DNS Issues
2010-11-04 | Johannes Ullrich | DNSSEC Progress for .com and .net
2010-10-03 | Adrien de Beaupre | H went down.
2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-08-07 | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos.
2010-07-29 | Rob VandenBrink | NoScript 2.0 released
2010-06-19 | Guy Bruneau | DNS Sinkhole ISO Available for Download
2010-05-12 | Johannes Ullrich | .de TLD Outage
2010-05-04 | Rick Wanner | DNSSEC...not a bang but a whimper?
2010-02-26 | Rick Wanner | New version of dnsmap
2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-12 | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering
2010-01-11 | Johannes Ullrich | the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports.
2010-01-10 | Guy Bruneau | Easy DNS BIND Sinkhole Setup
2009-12-15 | Johannes Ullrich | Important BIND name server updates - DNSSEC
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-11-24 | John Bambenek | BIND Security Advisory (DNSSEC only)
2009-11-02 | Daniel Wesemann | IDN ccTLDs
2009-10-29 | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53
2009-07-29 | Bojan Zdrnja | BIND 9 DoS attacks in the wild
2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS
2009-03-21 | Stephen Hall | Updates to ISC BIND
2009-01-31 | Swa Frantzen | DNS DDoS - let's use a long term solution
2009-01-18 | Daniel Wesemann | DNS queries for "."
2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up
2009-01-07 | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-04 | Bojan Zdrnja | Rogue DHCP servers
2008-11-25 | Andre Ludwig | OS X Dns Changers part three
2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems?
2008-10-17 | Patrick Nolan | Day 17 - Containing a DNS Hijacking
2008-10-08 | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning
2008-08-14 | Johannes Ullrich | DNSSEC for DShield.org
2008-08-05 | Daniel Wesemann | Watching those DNS logs
2008-08-02 | Swa Frantzen | BIND: -P2 patches are released
2008-07-25 | Swa Frantzen | DNS bug - observations
2008-07-24 | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed
2008-07-22 | Swa Frantzen | Dan Kaminsky's DNS bug: revealed? - Patch!
2008-07-09 | Marcus Sachs | DNS Vulnerability Found by a GSEC Student Three Years Ago!
2008-07-08 | Johannes Ullrich | Mulitple Vendors DNS Spoofing Vulnerability
2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric
2008-04-30 | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware
2008-03-23 | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!)
EXTENSION
2022-06-22 | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-22 | Xavier Mertens | Another File Extension to Block in your MTA: .jnlp
2017-10-27 | Renato Marinho | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-24 | Xavier Mertens | Stop relying on file extensions
2017-09-06 | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-29 | Renato Marinho | Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-15 | Renato Marinho | (Banker(GoogleChromeExtension)).targeting("Brazil")
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2011-08-14 | Guy Bruneau | FireCAT 2.0 Released
GHOSTCLICK
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested