Draw me a DNS

DNS, or Domain Name Service for the layperson, is a very integral part of the internet. Without DNS, the internet would be on “hard-mode” all the time. It would be like the days before speed-dial when you had to actually REMEMBER everyone’s phone number like some sort of Einstein-esque genius. Have you ever lost your phone before and tried to call someone? It’s hard. I seriously should have gotten a Nobel Prize for knowing all of my best friends’ ...

Google Search Page In Vietnam Hijacked

As reported by a number of different sources, Google’s primary web property in Vietnam (www.google.com.vn) had its DNS abused by an individual (or individuals) claiming affiliation with Lizard Squad.

Based on the DNS queries over the past 2 days, we noticed that the DNS infrastructure changed from the expected Google name servers (ns1.google.com, ns2.google.com) to CloudFlare (173.245.59.108, 173.245.58.166). This was identified using OpenDNS Investigate and corroborated by several other publicly available tools. Though only a brief redirection, visitors to the legitimate www[.]google[.]com[.]vn site were surreptitiously redirected to a ...

Fessleak before It Was Cool

OpenDNS has received numerous questions about the Invincea “Fessleak” report. We have been tracking this “actor”, who went by the name of Michael Zont, for several months, and saw a major uptick in previous weeks. The name “Fessleak” actually comes from the actor’s email address (fessleak@qip[.]ru) used to register the domains.

OpenDNS first became aware of malicious activity around this registrant in April 2014 starting with the creation of prosoknf[.]com, and began an active monitoring campaign to identify, and block, any ...

OpenDNS Hosts Bro4Pros

This week OpenDNS hosted the first ever Bro workshop (a.k.a. Bro4Pros) geared towards advanced users. For a day and a half, presenters discussed using Bro operationally, edge cases in Bro’s scripting language, tracking network-related metrics using Bro, and new features in Bro. Many experts, including the Bro core development team, were present at the workshop, making the caliber of the sessions extremely high.

I was lucky enough to be given a full hour to present during the workshop. The title of ...

Using Algorithms to Brute Force Algorithms

One of the main responsibilities of the OpenDNS Labs team is identifying new malicious infrastructure. In this blog, I’ll discuss how we discovered new malicious domains from a well-known malware family.

Many DGAs work by feeding a date into a mathematical function to generate a string of characters. Typically, a TLD is then appended to the end of the string, thus forming a domain name. This domain name is then contacted for instructions. If the domain name does not ...