real time analytics of dns packets using apache …...real time analytics of dns packets using...

Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes [email protected] 1

Upload: others

Post on 21-Jun-2020

4 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Real Time Analytics of DNS packets using Apache STORM

Lightning talk

Francisco [email protected]

State of the Art

These are DSC presenters!

Page 3: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

DSC: A DNS Statistics Collector

Page 4: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

What’s Apache Storm!?

“Apache Storm is a (…) distributed realtime computation system.”

https://storm.apache.org/

Page 5: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

What it is used for!?

“Storm has many use cases: realtime analytics, online machine learning, continuous computation, distributed RPC, ETL, and more…”

https://storm.apache.org/

Page 6: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

What it is used for!?

And many others...

Page 7: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

What it is used for!?

“One example is security monitoring where we are leveraging Storm to analyze the network telemetry data of our globally distributed infrastructure in order to detect and mitigate cyber attacks”

http://storm.apache.org/documentation/Powered-By.html

Page 8: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Proposed Architecture

Page 9: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Proposed Architecture

Page 10: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Proposed Architecture

Page 11: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Inspiration

Page 12: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Inspiration

Distance between client and server reached the threshold!

Page 13: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Some choices reasons

● Why do we need real time analysis?● Why Apache Storm?

Page 14: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

What has been done

● DNS Packet Parser.● Tested different topologies.

Page 15: Real Time Analytics of DNS packets using Apache …...Real Time Analytics of DNS packets using Apache STORM Lightning talk Francisco Cifuentes francisco@niclabs.cl 1 State of the Art

Francisco [email protected]://ratadns.niclabs.cl

Suggestions / Ideas accepted!

· iv CONTENTS 2.22 Issues Regarding DNS and Apache HTTP Server. . . . . . . . . . . . . . . . . . . . . . . . . .121 3 Apache Virtual Host documentation123 3.1 Apache

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

Evolution of MLPscms.cityoftacoma.org/retirement/boarddocuments/BOARD Packets/2… · 1981 to hold oil and gas assets spun out of the Apache Corporation in order to raise capital

DNS Session 2: DNS cache operation and DNS debugging

dns ile alakalı diyer kelimeler · dns failover 1300 0,36 17,75 euro dns 720 0,05 6,03 dns management 1300 0,5 7,92 dns registration 720 0,89 27,22 dns blacklist 1600 0,11 2,69 dns

Administration de Systèmes d'Informationcosy.univ-reims.fr/~lsteffenel/cours/Master2/0910-ASI/M2ProASR-ASI... · DHCP NIS NFS Samba DNS Apache ... Mandriva : ... Tous les répertoires

DHCP DNS: DNS: WINS: WINS

Apache, DNS y Correo

DNS DNS SPS ThreatAvertdnsops.jp/event/20180627/DNSセキュリティはDNSで... · 2018-09-11 · DNS DNS " " SPS ThreatAvert DNS " DDoS ( $30 5+ 2018*6-27, ! " % '.46)/2 ©Akamai

Windows Server 2008 R2 IPv6 的 DNS 及 IIS 設定 · DNS f6e5d4 (SOA) IPv6 (AAAA) 17 CTR) DNS DNS w1N2008 imntcedll im_ntc _ ed u _ tv im.ntc.edn.tv DNS DNS DNS w1N2008 imntcedll

mrf-92e2.kxcdn.com · 2019. 11. 26. · APACHE CORPORATION APACHE CORPORATION APACHE CORPORATION APACHE CORPORATION APACHE CORPORATION APACHE CORPORATION APACHE CORPORATION 336 A-213

Networking:! UDP&!DNS! · 2018-06-27 · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Stefan Burschka Tranalyzer Feel the packets, be the packets

DNS Cache y DNS Zonas_Dquintero

今さら聞けないIP アドレスとドメイン名～見抜く …サーバ net DNS サーバ com DNSサーバ DNS DNS DNS DNS example DNS サーバ exampleの DNSサーバが

CentOS 6.4 como DNS, Apache, SSL

DNS and HTTP. Finally, the application layer! We have learned about: – Signals being sent on wires – Frames carried over dumb local networks – Packets

TCP as a Reliable Transport. How things can go wrong Lost packets Corrupted packets Reordered packets…

DNS Bind9 Apache

RIPE76 DNS Privacy measurements · DNS WG @ RIPE76 DNS Privacy Measurements Latest Measurements on DNS Privacy Sinodun ... Unbound . DNS WG @ RIPE76 DNS Privacy Measurements Test

Product Brief High Availability DHCP, DNS, IPAM (DDI)High Availability DHCP, DNS, IPAM (DDI) BT Diamond IP Product Brief • 4 Request packets) per Figure 3. The primary would process

DNS. Sommario Introduzione al DNS Introduzione al DNS La terminologia del DNS La terminologia del DNS Nomi DNS in un dominio Windows 2003 Nomi DNS in

IoT Isolation Strategies · connections to DNS servers is a significantly more burdensome process for the server than just fielding UDP packets. DNS, traditionally over UDP, is in

Networking:! UDP&!DNS! · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Catalogue of Gift Boxes - Thomas Etty Esq. · · 2017-09-21Catalogue of Gift Boxes 7 packets £12.50 5 packets £9.00 7 packets £12.50 7 packets £12.50 6 packets £10.00 Sachet

Theme1 packets

Packet Analysis 20190526 · 2019-05-27 · DNS Query Query size 2 answers. 10 Reading tcpdumpOutput •TCP packets: ... –to examine security problems •Developers use it: ... •Run

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service

CIS 175 Lecture Notes - h222767.temppublish.comh222767.temppublish.com/14_NW/175_Lecture_Notes.doc · Web viewSliding window can improve by number of packets in ... 53 domain DNS

DNS-based Countermeasure Technologies for Spam … victim PC Hard Disk Drive. To converts FQDNs into IP addresses. A RR based DNS Query Packets 1 E-mail = 1 MX + 1A + 1PTR + 1A for

Cosc 4750 Domain Name Service (DNS) IP Addresses Machines on the Internet need an addressing scheme (or couldn’t receive packets!) Each machine has a

Wavelet Basis Packets and Wavelet Frame Packets · Wavelet Basis and Frame Packets 241 Proof. We have 2. Orthogonal or Biorthogonal Wavelet Basis Packets and Wavelet Frame Packets

[September, 2012] WORKING GROUP 4 Network Security … · Network Security Best Practices . FINAL Report ... • Reflective DNS Amplification Attacks (allowing spoofed packets or

Introducción al DNS Definición DNS Cuando se utiliza el DNS DNS en Internet Mensajes DNS Funcionamiento del DNS Ejemplos Conclusiones

Servidor DNS BIND y las zonas maestras creadas para el servidor … · 2016. 11. 8. · Servidor DNS BIND y las zonas maestras creadas para el servidor web Apache. Instalar y configurar