Talk by Jonathan Oxer at Linux Users Victoria in April 2007 about how DNS works. Covers authoritative and recursive DNS, delegation, and attack vectors including cache poisoning and DNS forgery. More information at http://jon.oxer.com.au/talks/id/66
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required to know its numeric IP address.
With the growing number of hosts this scheme became quickly awkward and difficult to use.
DNS was introduced to give hosts human readable names that would be translated into a numeric IP addresses on the fly when a requesting host tried to reach another host.
To facilitate a distributed administration of the domain names, a hierarchic scheme was introduced where responsibility to manage domain names is delegated to organizations which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly. The databases of both servers are periodically synchronized.
Learn about the essentials of the Domain Name System (DNS), including name resolution, different record types, roots, zones, authority and recursion.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/intro-to-dns-webinar
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required to know its numeric IP address.
With the growing number of hosts this scheme became quickly awkward and difficult to use.
DNS was introduced to give hosts human readable names that would be translated into a numeric IP addresses on the fly when a requesting host tried to reach another host.
To facilitate a distributed administration of the domain names, a hierarchic scheme was introduced where responsibility to manage domain names is delegated to organizations which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly. The databases of both servers are periodically synchronized.
Learn about the essentials of the Domain Name System (DNS), including name resolution, different record types, roots, zones, authority and recursion.
See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/intro-to-dns-webinar
A complete Coverage of DNS and its features. This ppt deals with well balanced practical and theoretical aspects of DNS. The best ppt for a novice learner.
This slide contains details about domain name servers (DNS).
It also contains Resolution of the Name Servers with Domain Name Structure with statistics table. The process of Name resolution is also explained with Recursive and iterative resolution processes.
The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet.
A complete Coverage of DNS and its features. This ppt deals with well balanced practical and theoretical aspects of DNS. The best ppt for a novice learner.
This slide contains details about domain name servers (DNS).
It also contains Resolution of the Name Servers with Domain Name Structure with statistics table. The process of Name resolution is also explained with Recursive and iterative resolution processes.
The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet.
OpenDNS Enterprise Web Filtering allows organizations of all sizes to block websites at work. Choose from over 50 customizable categories. Use block page bypass to grant exceptions to your Web filtering policy. OpenDNS Enterprise offers web filtering without an appliance, can be deployed nearly instantly, and can be managed anywhere you have an Internet connection.
We browse the Internet. We host our applications on a server or a cloud that is hooked up with a nice domain name. That’s all there is to know about DNS, right? This talk is a refresher about how DNS works. How we can use it and how it can affect availability of our applications. How we can use it as a means of configuring our application components. How this old geezer protocol is a resilient, distributed system that is used by every Internet user in the world. How we can use it for things that it wasn’t built for. Come join me on this journey through the innards of the web!
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
Rethinking Security and how you can Act on Meaningful Change
What the industry recommends to protect your network is NOT working! The industry is stuck in a dysfunctional ecosystem that encourages the cyber-criminal innovation at the cost to business and individual loss throughout the world. We do not need a “Manhattan Project” for the security of the Internet. What we need are tools to help operators throughout the world ask the right question that would lead them to meaningful action. Security empowerment must empower the grassroots and provide the tools to push back on the root cause. This talk will explore these issues, highlight the dysfunction in our “security” economy, and present “take home” tools that would facilitate immediate action.
Speaking from experience building MyGet.org: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ...
In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
This is an introductory presentation regarding the issues in designing a campus network infrastructure. Unlike theoretical approaches, this presentation actually was used to describe some of the real configurations performed by Server Administrators and Network Managers. This is for an introductory audience with very little background in computer networks assumed.
MongoDB Europe 2016 - Advanced MongoDB Aggregation PipelinesMongoDB
We will do a deep dive into the powerful query capabilities of MongoDB's Aggregation Framework, and show you how you can use MongoDB's built-in features to inspect the execution and tune the performance of your queries. And, last but not least, we will also give you a brief outlook into MongoDB 3.4's awesome new Aggregation Framework additions.
AWS re:Invent 2016: DNS Demystified: Getting Started with Amazon Route 53, fe...Amazon Web Services
Whether you’re running a simple website, a mobile app, or a suite of business applications, DNS is a fundamental part of any architecture in the cloud. In this mid-level architecture session, we’ll cover everything you need to get started with Amazon Route 53, AWS’s highly-available DNS service. You’ll learn how to use public DNS, including routing techniques such as weighted round-robin, latency-based routing, and geo DNS; how to configure DNS failover using health checks; how and when to use private DNS within your Virtual Private Cloud (VPC); and how Amazon Route 53 interacts with Amazon EC2’s DNS for instance naming and DNS resolution across your network.
We will conclude the session with a real-world migration example. Warner Bros. Entertainment recently completed a full DNS migration to Route 53. Vahram Sukyas, Vice President, Application Infrastructure & Operations at Warner Bros. Entertainment, will share details on his team's architecture, migration strategy, and lessons learned which are useful for enterprises and startups alike.
Curso: Redes y comunicaciones I: 07 Redes.
Fue dictado en la Universidad Tecnológica del Perú -UTP, Lima - Perú, en los ciclos 2011-2 (junio/2011), 2011-3 (octubre/2011) y 2012-1 (abril/2012).
OSDcLang is a joke language I created (read: stole blatantly from BF) for an early OSDC, and it's become something of a meme with talks about it at every conference since. In this lightning talk I demonstrated the use of OSDcLang to communicate with the engine management system of my car.
Lightning talk about my project to connect my car to the internet 24x7 and expose the engine management system to the network for remote monitoring and control.
Talk by Jonathan Oxer at the Debian Miniconf at linux.conf.au in January 2008 about the various caching mechanisms available for Debian / Ubuntu packages. Provides an overview of apt-proxy, apt-cacher, and approx. More information at http://jon.oxer.com.au/talks/id/100
Keynote by Jonathan Oxer at Open Source Developers Conference in November 2007 about the role of Open Source software as a platform on which to build an information economy. More information at http://jon.oxer.com.au/talks/id/98
IVT Tech Talk by Jonathan Oxer in November 2007. Covers use of hashed passwords in web applications and outlines a method to progressively migrate from plain-text to hashed storage. More information at http://jon.oxer.com.au/talks/id/90
How to grow your eBusiness and build an online communityJonathan Oxer
Talk by Jonathan Oxer at the Eastern Business Network in June 2007. Follows on from the topics in his book \"How To Build A Website And Stay Sane\" (www.stay-sane.com) to provide a non-technical introduction to the concept of \"web 2.0\" and how businesses can make the most of it to engage with customers in a more personal way. More information at http://jon.oxer.com.au/talks/id/74
Talk by Jonathan Oxer at the MySQL Miniconf run as part of linux.conf.au 2007. Outlines a technique for managing schema updates in the field. More information at http://jon.oxer.com.au/talks/id/56
Talk by Jonathan Oxer at Melbourne PC User Group on November 1st, 2006, broadly covering the topics in his book \"How To Build A Website And Stay Sane\". A business-oriented guide to finding and working with a web development company. More information at http://jon.oxer.com.au/talks/id/40. The book site is at www.stay-sane.com
Talk by Jonathan Oxer at Linux Users Victoria in 2005 about basic Subversion use. Originally presented 2005-02-03. More information at http://jon.oxer.com.au/talks/id/13
Talk by Jonathan Oxer at Open Source Developers Conference 2004 about building / maintaining large PHP projects. Mainly focused on developer tools and infrastructure. Originally presented 2004-12-03. More information and conference paper at http://jon.oxer.com.au/talks/id/9
Talk by Jonathan Oxer at Open Source Developers Conference 2004 about writing high-performance and scalable PHP applications. Originally presented 2004-12-02. More information at http://jon.oxer.com.au/talks/id/11
Talk by Jonathan Oxer at LinuxTag 2004 about use of APD (Advanced PHP Debugger) to perform performance profiling of PHP code. Originally presented 2004-06-24. More information including conference paper at http://jon.oxer.com.au/talks/id/5
Talk by Jonathan Oxer at Debian Day / LinuxTag 2004 about use of Debian kernel packaging tools to compile, distribute and install custom kernel packages. Presented 2004-06-24. More information including conference paper at http://jon.oxer.com.au/talks/id/4
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Leading Change strategies and insights for effective change management pdf 1.pdf
Introduction to DNS
1. Introduction To DNS everything you never wanted to know about IP directory services Linux Users Victoria, April 3 rd 2007 Jonathan Oxer <jon@ivt.com.au>
2. what is the domain name system anyway? Introduction To DNS Jonathan Oxer < [email_address] >
3. it's like a phone book ...kinda Introduction To DNS Jonathan Oxer < [email_address] >
4. DNS is (1) a directory service Introduction To DNS Jonathan Oxer < [email_address] >
5. DNS is (2) an identity mechanism Introduction To DNS Jonathan Oxer < [email_address] >
6. DNS is (3) a namespace structure Introduction To DNS Jonathan Oxer < [email_address] >
7. DNS is (4) an abstraction layer Introduction To DNS Jonathan Oxer < [email_address] >
8. think of the phone book... Introduction To DNS Jonathan Oxer < [email_address] >
9. maps hostnames to IP addresses Introduction To DNS Jonathan Oxer < [email_address] >
10. maps jon.oxer.com.au to 221.133.213.151 Introduction To DNS Jonathan Oxer < [email_address] >
11. forward vs reverse Introduction To DNS Jonathan Oxer < [email_address] >
12. maps jon.oxer.com.au to 221.133.213.151 Introduction To DNS Jonathan Oxer < [email_address] >
13. maps 221.133.213.151 to jon.oxer.com.au Introduction To DNS Jonathan Oxer < [email_address] >
81. anatomy of a zone[file] Introduction To DNS Jonathan Oxer < [email_address] >
82. ; zone file for example.com. $TTL 2d ; 172800 TTL @ IN SOA ns1.example.com. hostmaster.example.com. ( 2007040304 ; serial 12h ; refresh 15m ; retry 3w ; expiry 3h ; minimum ) IN NS ns1.myprovider.com. IN NS ns1.example.com. IN MX 10 mail.example.net. homer IN A 192.168.254.3 marge IN A 192.168.12.15 www IN CNAME homer vpn IN CNAME marge Introduction To DNS Jonathan Oxer < [email_address] >
83. types of DNS records Introduction To DNS Jonathan Oxer < [email_address] >
84. “ A” (address) links names and IPv4 addresses Introduction To DNS Jonathan Oxer < [email_address] >
85. “ AAAA” (address) links names and IPv6 addresses Introduction To DNS Jonathan Oxer < [email_address] >
86. “ CNAME” (canonical name) aliases names to other names Introduction To DNS Jonathan Oxer < [email_address] >
87. “ MX” (mail exchange) name of machine for mail delivery Introduction To DNS Jonathan Oxer < [email_address] >
88. “ NS” (name server) name of DNS server for a zone Introduction To DNS Jonathan Oxer < [email_address] >
89. “ TXT” (text) arbitrary text string Introduction To DNS Jonathan Oxer < [email_address] >
90. “ NAPTR” (naming auth pointer) fun with regex Introduction To DNS Jonathan Oxer < [email_address] >
91. “ SOA” (start of authority) controls inter-server data synchronisation Introduction To DNS Jonathan Oxer < [email_address] >
92. SOA (Start Of Authority) Introduction To DNS Jonathan Oxer < [email_address] >
93. SOA sets TTL (Time To Live) Introduction To DNS Jonathan Oxer < [email_address] >
94. TTL says how long data may be cached Introduction To DNS Jonathan Oxer < [email_address] >
95. SOA parameters Serial : identifies version of SOA Introduction To DNS Jonathan Oxer < [email_address] >
96. SOA parameters Refresh : seconds between updates Introduction To DNS Jonathan Oxer < [email_address] >
97. SOA parameters Retry : seconds to wait after failure Introduction To DNS Jonathan Oxer < [email_address] >
98. SOA parameters Expire : seconds before data flushed Introduction To DNS Jonathan Oxer < [email_address] >
99. SOA parameters Minimum : used now for negative caching Introduction To DNS Jonathan Oxer < [email_address] >
108. Practical example: Dr Evil wants to take over “ www.bigbank.com” Introduction To DNS Jonathan Oxer < [email_address] >
109. Dr Evil attack vector #1 redirecting the target domain's nameserver Introduction To DNS Jonathan Oxer < [email_address] >
110. (1) Dr Evil creates a sub-zone of a zone he controls, such as “ bigbank.dr-evil.com” Introduction To DNS Jonathan Oxer < [email_address] >
111. (2) Dr Evil delegates his evil zone to “ www.bigbank.com” Introduction To DNS Jonathan Oxer < [email_address] >
112. (3) Dr Evil configures his DNS server to return the wrong IP address for “www.bigbank.com” Introduction To DNS Jonathan Oxer < [email_address] >
113. (4) Dr Evil issues a DNS lookup for “ bigbank.dr-evil.com” to your DNS resolver Introduction To DNS Jonathan Oxer < [email_address] >
114. (5) Your DNS server caches the evil IP and uses it for future requests for “ www.bigbank.com” Introduction To DNS Jonathan Oxer < [email_address] >
115. what happened? request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.dr-evil.com. 3600 IN NS www.bigbank.com. Additional section: www.bigbank.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
116. what happened? request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.dr-evil.com. 3600 IN NS www.bigbank.com. Additional section: www.bigbank.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
117. what happened? request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.dr-evil.com. 3600 IN NS www.bigbank.com. Additional section: www.bigbank.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
118. what happened? request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.dr-evil.com. 3600 IN NS www.bigbank.com. Additional section: www.bigbank.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
120. Dr Evil attack vector #2 redirect the NS record of the target domain Introduction To DNS Jonathan Oxer < [email_address] >
121. compare this with... request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.dr-evil.com. 3600 IN NS www.bigbank.com. Additional section: www.bigbank.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
122. ...alternative attack request: bigbank.dr-evil.com. IN A response: Answer: (no response) Authority section: bigbank.com. 3600 IN NS ns.dr-evil.com. Additional section: ns.dr-evil.com. IN A 1.2.3.4 Introduction To DNS Jonathan Oxer < [email_address] >
123. Dr Evil attack vector #3 DNS forgery: respond before the real nameserver Introduction To DNS Jonathan Oxer < [email_address] >
124. not as easy as it sounds! Introduction To DNS Jonathan Oxer < [email_address] >
125. do a “ birthday attack” against the nonce value Introduction To DNS Jonathan Oxer < [email_address] >
126. Introduction To DNS Jonathan Oxer < [email_address] > Start with the Taylor series approximation to the probability of a “nonce” value collision where “n” is the number of attempts and “H” is the number of unique outputs: Invert the expression: Now assigning a 0.5 probability of collision: So it's obvious that for a 16 bit hash there are 65536 outputs, ie: only 301 attempts are required to generate a collision by brute force!
127. Introduction To DNS Jonathan Oxer < [email_address] > Start with the Taylor series approximation to the probability of a “nonce” value collision where “n” is the number of attempts and “H” is the number of unique outputs: Invert the expression: Now assigning a 0.5 probability of collision: So it's obvious that for a 16 bit hash there are 65536 outputs, ie: only 301 attempts are required to generate a collision by brute force!
128. Introduction To DNS Jonathan Oxer < [email_address] > Start with the Taylor series approximation to the probability of a “nonce” value collision where “n” is the number of attempts and “H” is the number of unique outputs: Invert the expression: Now assigning a 0.5 probability of collision: So it's obvious that for a 16 bit hash there are 65536 outputs, ie: only 301 attempts are required to generate a collision by brute force!
129. 301 attempts against 2 x16 hash Introduction To DNS Jonathan Oxer < [email_address] >