NXDOMAIN data leakage prevention

Amanda Constant amanda.constant at secure64.com
Mon Oct 1 17:39:32 UTC 2018


I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.

Amanda

On Oct 1, 2018, at 11:29 AM, Amanda Constant via Unbound-users <unbound-users at nlnetlabs.nl> wrote:

> I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.
> 
> Amanda
> 
> On Oct 1, 2018, at 11:27 AM, Amanda Constant via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> 
> I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.
> 
> Amanda
> 
> On Oct 1, 2018, at 5:03 AM, Chris via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> 
> I was reading a disturbing article on ways that DNS can be used to get data past firewalls and for malicious programs to communicate with a command and control center via DNS NXDOMAIN.
> 
> Right off hand I dont see a way to block this ? Looking at my NXDOMAIN lookups its quite pervasive and coming from a large number of sources. Its clearly being used by A LOT of people.
> 
> Is there a way I can use Unbound to mitigate this threat ? This is a serious issue because i don't see how to block this.
> 
> https://www.plixer.com/blog/detecting-malware/security-vendors-teaching-bad-actors-how-to-get-past-firewalls/
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
> 
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________ 
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 2189 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181001/f0515870/attachment.bin>


More information about the Unbound-users mailing list