dns

October 2, 2013

SECURITY

Using DNS RPZ to Block Malicious DNS Requests

3 min read

After delivering several presentations at Cisco Live and Cisco Connect this year, I received a few questions regarding DNS Response Policy Zones (RPZ) and how can they be used to block DNS resolution to known malicious hosts and sites. I decided to write this short post to explain what it is and provide several pointers. […]

August 27, 2013

SECURITY

Syrian Electronic Army Continues Spree: Cracks New York Times, Twitter and Huffington Post

1 min read

The Syrian Electronic Army continues to hammer away at media organizations.  This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.

August 22, 2013

SECURITY

Syrian Electronic Army Cracks ShareThis.com GoDaddy Account

1 min read

ShareThis provides a mechanism for web surfers to share content online through a customizable widget.  According to the information on their website, ShareThis interacts with “more than 94% of U.S. Internet users across more than 2 million publisher sites and 120+ social media channels.” On the evening of August 21, 2013, ShareThis reported that their […]

August 8, 2013

SECURITY

DNS Compromise Distributing Malware

3 min read

DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over […]

August 2, 2013

SECURITY

Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

3 min read

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written.  By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day.  Cosmic radiation, operating a device outside its recommended environmental conditions, and defects […]

July 17, 2013

SECURITY

Network Solutions Customer Site Compromises and DDoS

1 min read

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This […]

June 20, 2013

SECURITY

‘Hijacking’ of DNS Records from Network Solutions

2 min read

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013.  This post is NOT related to the ongoing activity occuring July 16, 2013.  Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here. Multiple organizations with […]

May 9, 2013

SECURITY

Foundational Network Traffic Collection and Analysis Setup

3 min read

This introductory post explains how one of Cisco’s security research groups established a network data collection capability for large amounts of network traffic. This capability was necessary to support research into selected aspects of the Domain Name Service (DNS), but it can be adapted for other purposes.

March 29, 2013

SECURITY

March Madness May Equal to Malware Madness

4 min read

Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March […]