We suggest reading Parts One, Two, and Three before continuing with this blog post.
Fast Flux Network Malicious Activity
Fast Flux Network as a Platform for Malware Activity
In order to make sure, beyond any reasonable doubt, that the Fast Flux network is being used for malicious activities, we collected evidence from a variety of public sources that shows a clear relationship between the analyzed malware samples and domains being
We suggest reading Parts One and Two before continuing with this blog post.
Fast Flux Network - C&C Network vs. Hosting Network
In order to further investigate the initial assumption of having two different sub-networks as observed in Fast Flux Network - Overview, we created a network graph, but this time without showing the relation to the nameserver. Doing that showed us that we can see two distinct sub-networks segregated
Read Part One, an Introduction to Fast Flux Networks, here.
Fluxing - Deep Dive
The primary characteristic of the Fast Flux network is that the network constantly changes its IP addresses, domains, and nameservers. These changes obfuscate the true nature of the network and make it more difficult for researchers to understand and defend against.
Authors: Or Katz, Principal Lead Security Researcher, Akamai; Raviv Perets, Senior Security Researcher, Akamai; Guy Matzliach, Security Researcher, Akamai
Introduction
Recently, we have seen large-scale botnets used to execute attacks rarely seen in the past. These botnets incorporate new features and have bigger capabilities. How do these botnets remain resilient to detection?
With high-profile security attacks occurring every day, organizations are more concerned than ever with cyber security. Many are going well beyond anti-virus protection and firewalls to adopt multiple layers of security such as intruder prevention systems, sandboxing, and secure web gateways. Yet most IT departments fail to protect the recursive Domain Name System (DNS). This oversight leaves valuable data and personal information on their networks wide open to attack by
Written by Asaf Nadler and Avi Aminov
Updated 2/14/19
After the initial publication of this blog post, Asaf Nadler and Avi Aminov wrote a paper on the detection of malicious and low throughput data exfiltration over the DNS protocol. The DNS protocol is a naming system for host machines and an essential component in the functionality of the Internet. The vast number of domains and subdomains on the Internet today
Provider networks continue to experience growth in traffic, which raises costs, without corresponding growth in revenues. Accommodating this growth and increasing complexity while managing costs is forcing CSPs to assess how they build and maintain their networks. Everyone agrees everything ultimately resolves to software and fortunately there's been considerable innovation that will support provider business imperatives.
DNS was first conceived in 1983, back when one of the most memorable movie quotes of all time was popularized: "Go ahead, make my day" (Clint Eastwood in "Sudden Impact"). The internet as we know it today did not yet exist; however, ARPANET, its predecessor network, was the exclusive domain of a small group of academics and researchers, so no one gave much thought to security. A lot has changed.
Background
Akamai Technologies recently contributed its "Serve Stale" DNS algorithm to Version 9 of the Internet Systems Consortium's (ISC) Berkeley Internet Name Domain (BIND) open source Domain Name System (DNS) project. As the Internet's most widely used DNS implementation, BIND operates ubiquitously throughout the Internet. The ongoing availability of answers from BIND servers is a critical element for the ongoing availability of the Internet for many users.