For release on: October 25, 2019
Phone Inquiries: +1 650.600.3850
NetSTAR Partners with Leading Cyber Intelligence Data Company to Enhance DNS Insights
DNS remains a critical focus area for security professionals
San Mateo, October 25 – NetSTAR has partnered with a leading, global cyber intelligence data firm to enhance their insights around DNS as a threat vector. Leveraging key internet traffic data collected by this company, NetSTAR has increased their visibility into DNS server logs and performance. Increased visibility into DNS traffic is a must in today’s security climate.
DNS is a common threat vector, and one sometimes ignored by internet and network security professionals. DNS-based attacks may include:
Cache poisoning (spoofing): the most common DNS attack, cache poisoning involves injecting malicious data into the DNS resolver cache to redirect users to impostor sites instead of desired sites, often as part of a phishing attack
Domain hijacking: an attack that modifies DNS servers and domain registrar data to direct traffic away from the domain to a phony site, often used to spoof payment pages and collect credit card or PayPal information
Distributed reflection DoS attacks: this attack type uses unwitting third-party resolvers and spoofed source addresses to drive a DoS attack, often involving botnets to amplify the attack effect
DNS tunneling: an attack that leverages DNS communication to bypass firewalls while tunneling protocols such as SSL and TCP, with the intent of data exfiltration, malicious data transfer, or remote control of a compromised host
DNS hijack/redirect attacks: in this attack, malware changes TCP/IP configuration settings to point to a rogue DNS server and redirect users to impostor sites
Random subdomain attacks: another type of DoS attack involving botnets, wherein hosts send DNS requests for non-existent subdomains to an authoritative DNS that hosts the main domain name in an attempt to exhaust DNS outstanding query limits
NXDOMAIN attacks: similar to a random subdomain attack, this type of attack includes a flood of queries from remote DNS clients to a DNS server for non-existing domains
Phantom domain attacks: an attack that saturates a DNS resolver with requests for multiple domains that will never respond to the DNS server or will respond very slowly
TCP SYN attacks: in this attack, the three-way handshake that initiates a TCP connection is exploited as spoofed SYN packets are sent, and the server wastes resources sending acknowledgments to bogus destinations which are never answered
Domain lockup attacks: in this attack type, attackers set up resolvers and domains to establish TCP connections with DNS resolvers, and upon receipt of requests from the DNS resolver these domains send delayed and random packets to the server to exhaust DNS server resources
The biggest challenge impacting internet security today is having visibility into the actual traffic flows of the internet. And with DNS-based attacks on the rise, nowhere is this more necessary than with DNS traffic. More and more organizations are relying on AI and machine learning, which do address security issues in part. But having people who can review DNS footprints from recursive to authoritative DNS logs and perform other tasks is critical, too. NetSTAR has human review teams in place around the globe, working 24/7 to continuously improve our visibility into the internet.
NetSTAR is a global leader in internet categorization and security solutions for the OEM market. We categorize billions of URLs, domains, and IP addresses, and give our OEM partners visibility into the dynamic internet landscape. With our telemetry data from over one billion endpoints, our proprietary categorization technologies, and our partnerships with internet and security industry leaders, we provide unparalleled URL categorization and threat intelligence.
If you would like more information concerning this release, please inquire via +1 650.600.3850.
# # #