I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.
Amanda On Oct 1, 2018, at 11:37 AM, Amanda Constant via Unbound-users <[email protected]> wrote: > I am out of the office October 1st & 2nd and will respond to your message as > quickly as possible once I return. > > Amanda > > On Oct 1, 2018, at 11:27 AM, Amanda Constant via Unbound-users > <[email protected]> wrote: > > I am out of the office October 1st & 2nd and will respond to your message as > quickly as possible once I return. > > Amanda > > On Oct 1, 2018, at 11:21 AM, Chris via Unbound-users > <[email protected]> wrote: > > Welllll.... Ive done a lot of looking around and I just dont see any solution > to this issue. Im not concerned with DoS attacks, those i could deal with. Im > concerned for the stunningly stealthy 5 or 6 NXDOMAIN lookups from a scary > actor. That kind of thing could transmit a small amount of really damaging > info. Or.. A company using this to monitor each client with pings once a > minute. The uses of this low rate communications channel is Unbounded and > truly scary. > > I know this has been around a long time. Im sorry for my stunned amazement, I > just ran into this. > > No matter how I rack my brain, I can't think of any way around this. Short of > a registry of every domain before they can be used. So nothing should ever > come up NXDOMAIN. Even then,, it will get abused. > > Man, just when I thought I was happy with TLS 1.3 for DNS and DNSSEC. Its > just never ending. > > On 10/1/2018 4:03 AM, Chris via Unbound-users wrote: > I was reading a disturbing article on ways that DNS can be used to get data > past firewalls and for malicious programs to communicate with a command and > control center via DNS NXDOMAIN. > > Right off hand I dont see a way to block this ? Looking at my NXDOMAIN > lookups its quite pervasive and coming from a large number of sources. Its > clearly being used by A LOT of people. > > Is there a way I can use Unbound to mitigate this threat ? This is a serious > issue because i don't see how to block this. > > https://www.plixer.com/blog/detecting-malware/security-vendors-teaching-bad-actors-how-to-get-past-firewalls/ > > > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________
