Title:
Passive DNS Resources
Author:
linda
Time:
2019-4-21 11:46
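Passive DNS is very important for security research, because early on it helps us map out a target's infrastructure, and it answers the following three questions:
Which IPs has this domain been bound to in the past?
Does this IP have any other domains?
When was this domain first/last seen?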
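Passive DNS is also a great help in SOC work. Starting from an identified malicious domain, you can find other compromised machines. Many websites currently allow us to access their Passive DNS systems, for example: VirusTotal (https://www.virustotal.com/), PassiveTotal (https://www.passivetotal.com), and CIRCL (https://www.circl.lu/services/passive-dns/). There are many such websites, but having one of your own locally is of course more convenient.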
https://github.com/gamelinux/passivedns
https://github.com/360netlab
https://archive.farsightsecurity.com/Passive_DNS_Sensor/
https://archive.farsightsecurity.com/Passive_DNS/passive_dns_hardening_handout.pdf
https://api.dnsdb.info/
http://www.iseclab.org/papers/bilge-ndss11.pdf
https://kb.isc.org/article/AA-00535/119/Operating-an-ISC-Passive-DNS-sensor.html
http://www.rsreese.com/passive-dns-collection-and-analysis-using-yaf-and-mediator/
http://www.youtube.com/watch?v=Tz7EYQPAMzA
http://www.youtube.com/watch?v=2Jpkm7EYbaM
http://rsf.isc.org/projects/sieisc/
http://meetings.apnic.net/__data/assets/pdf_file/0017/45521/05-Merike-Kaeo-Passive-DNS.pdf
http://conferences.npl.co.uk/satin/presentations/satin2011slides-Rasmussen.pdf
DNS firewall:
http://www.senki.org/using-dns-to-protect-your-network-and-your-customers/
http://www.slideshare.net/BarryRGreene/binds-new-security-feature-dnsrpz-the-quotdns-firewallquot
https://dl.farsightsecurity.com/dist/
https://kb.isc.org/article/AA-00525/
http://www.enyo.de/fw/software/dnslogger/#3
http://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-datasheet-dns-firewall.pdf
http://www.infoblox.com/downloads/resources/defeating-advanced-persistent-threat-malware/download
Original sources:
http://www.xitongjiaocheng.com/ubuntu/2018/61237.html
https://paper.tuisec.win/detail/d408ff913bf0d07
https://yq.aliyun.com/articles/449555
[Last edited by linda on 2019-4-21 11:56]
Welcome to the 中神通公司 Technical Forum (http://trustcomputing.com.cn/bbs/)