OpenDNS is now part of Cisco Learn More

The Good, the Bad, and the Parked

A parked domain is a domain name that has been registered and is serving temporary content, is being held for future use, or is being used for monetization purposes. Some parked domains serve custom 404 pages, redirects, or advertisements.

Parked domains often serve ads to visitors as a mechanism for generating revenue for the domain owner. As more visits translate to more ad impressions and more ad impressions translate to more money for the domain owner, parked domains meant for monetization ...

BGPStream, DNSStream & What Happens Before the Cyber Kill Chain Presentations

Over the last couple weeks we have been lucky enough to be involved in some amazing projects and present with great co-presenters.

The first presentation was at Blackhat where Andree Toonk and I unveiled BGPStream and DNSStream. The idea for both projects came from one of our incredible hackathons, where a few times a year our engineers and researchers get together for 24 hours and focus on delivering innovation in small teams. The teams essentially have from 10 AM on day one until ...

BSides Las Vegas, Black Hat, and Defcon Wrap-up

For OpenDNS, the first week of August was fun but also busy. A group of us OpenDNS researchers and engineers headed to Las Vegas for BSides Las Vegas, Black Hat, and Defcon. We gave talks, attended sessions, met with prospects and customers, and caught up with infosec friends.

This blog post details some of the insights from those who attended.

Insights from Andrew Hess

At BSides Las Vegas, Andrew Hess gave a short presentation about an internal feature the OpenDNS engineering team has constructed, and ...

Tracking the Footprints of Ransomware

(image courtesy of

Ransomware is a form of malware that, once a machine is compromised, starts to seek out certain file extensions, usually Microsoft, AutoCAD, Adobe, or any other file type that might be deemed valuable, and wraps it with an encryption process as to make it unusable by the user until a fee is paid. Currently it seems to be the malware-de-jour. It should be noted that not all ransomware is created equal, nor do they all act ...

Poseidon: Real-Time HTTP Log Analyzer

OpenDNS is known for being a cloud-delivered DNS security company, analyzing around 70 billion DNS requests per day. We also monitor about 10.1 million daily HTTP traffic requests on our proxy, which is maintained by our awesome Cloud Enforcement Team. Since this is a relatively new data set for us, building new data pipelines and processing proper metrics is an important step to gaining visibility and building intuitions about the data. With this in mind, we have created Poseidon, a statistics tool to monitor the network behavior on our proxy.

The primary purpose of ...