Internet Storm Center
| Date | Author | Title |
|---|---|---|
| 2023-02-15 | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
| 2023-01-30 | Johannes Ullrich | Decoding DNS over HTTP(s) Requests |
| 2023-01-23 | Xavier Mertens | Who's Resolving This Domain? |
| 2022-08-31 | Johannes Ullrich | Underscores and DNS: The Privacy Story |
| 2022-08-10 | Johannes Ullrich | And Here They Come Again: DNS Reflection Attacks |
| 2022-04-29 | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration |
| 2021-12-17 | Rob VandenBrink | DR Automation - Using Public DNS APIs |
| 2021-10-04 | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on. |
| 2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-07-31 | Guy Bruneau | Unsolicited DNS Queries |
| 2021-06-19 | Xavier Mertens | Easy Access to the NIST RDS Database |
| 2021-05-30 | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-05-20 | Johannes Ullrich | New YouTube Video Series: Everything you ever wanted to know about DNS and more! |
| 2021-01-25 | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS) |
| 2021-01-15 | Guy Bruneau | Obfuscated DNS Queries |
| 2020-12-16 | Daniel Wesemann | DNS Logs in Public Clouds |
| 2020-12-08 | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing |
| 2020-10-30 | Xavier Mertens | Quick Status of the CAA DNS Record Adoption |
| 2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers |
| 2020-07-16 | John Bambenek | Hunting for SigRed Exploitation |
| 2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability |
| 2019-12-29 | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-11-25 | Xavier Mertens | My Little DoH Setup |
| 2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell) |
| 2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)? |
| 2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records |
| 2019-07-13 | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing |
| 2019-07-09 | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS |
| 2019-06-16 | Didier Stevens | Sysmon Version 10: DNS Logging |
| 2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service |
| 2019-01-31 | Xavier Mertens | Tracking Unexpected DNS Changes |
| 2019-01-22 | Xavier Mertens | DNS Firewalling with MISP |
| 2018-09-22 | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall |
| 2018-02-25 | Guy Bruneau | Blackhole Advertising Sites with Pi-hole |
| 2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard |
| 2017-10-20 | Rick Wanner | One year Anniversary of Dyn DDOS |
| 2017-10-02 | Xavier Mertens | Investigating Security Incidents with Passive DNS |
| 2017-06-14 | Xavier Mertens | Systemd Could Fallback to Google DNS? |
| 2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2016-10-23 | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn |
| 2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-06-12 | Guy Bruneau | DNS Sinkhole ISO Version 2.0 |
| 2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell |
| 2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-08 | Rick Wanner | DNS Reconnaissance using nmap |
| 2015-08-19 | Bojan Zdrnja | Outsourcing critical infrastructure (such as DNS) |
| 2015-02-19 | Daniel Wesemann | DNS-based DDoS |
| 2014-06-02 | Rick Wanner | Using nmap to scan for DDOS reflectors |
| 2014-05-20 | Johannes Ullrich | Detecting Queries to "odd" DNS Servers |
| 2014-04-30 | Johannes Ullrich | Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic |
| 2014-04-30 | Russ McRee | UltraDNS DDOS |
| 2014-02-04 | Johannes Ullrich | Do you block "new" domain names? |
| 2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone |
| 2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-11-19 | Jim Clausing | Updated dumpdns.pl |
| 2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-10-21 | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do" |
| 2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-10-10 | Johannes Ullrich | google.com.my DNS hijack |
| 2013-10-08 | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack |
| 2013-10-02 | Johannes Ullrich | CSAM: Misc. DNS Logs |
| 2013-09-26 | Johannes Ullrich | How do you monitor DNS? |
| 2013-09-02 | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released |
| 2013-08-14 | Johannes Ullrich | .GOV zones may not resolve due to DNSSEC problems. |
| 2013-08-07 | Mark Hofman | DNS servers hijacked in the Netherlands |
| 2013-07-17 | Johannes Ullrich | Network Solutions Outage |
| 2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com) |
| 2013-07-10 | Johannes Ullrich | .NL Registrar Compromisse |
| 2013-06-22 | Guy Bruneau | .biz DNSSEC DNSKEY is Invalid |
| 2013-06-20 | Johannes Ullrich | Linkedin DNS Hijack |
| 2013-06-05 | Richard Porter | BIND 9 Update fixing CVE-2013-3919 |
| 2012-12-14 | Johannes Ullrich | The "D-root" DNS server (terp.umd.edu) is changing its IP address in January http://seclists.org/nanog/2012/Dec/330 |
| 2012-12-06 | Daniel Wesemann | Comodo DNS hiccup on usertrust.com |
| 2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-07-24 | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase |
| 2012-05-21 | Kevin Shortt | DNS ANY Request Cannon - Need More Packets |
| 2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses |
| 2012-03-30 | Daniel Wesemann | Tomorrow, the world will end |
| 2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested |
| 2012-02-20 | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th |
| 2012-02-09 | Richard Porter | DNS Ghost Domains, How I loath you so! |
| 2012-01-21 | Guy Bruneau | DNS Sinkhole Scripts Fixes/Update |
| 2012-01-18 | Johannes Ullrich | Use of Mixed Case DNS Queries |
| 2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2011-12-13 | Johannes Ullrich | Possible Widespread DNS Attack (info wanted) |
| 2011-12-05 | Stephen Hall | ISC describe DNS crash bug analysis |
| 2011-11-28 | Tom Liston | A Puzzlement... |
| 2011-11-16 | Jason Lam | Potential 0-day on Bind 9 |
| 2011-11-11 | Rick Wanner | What's up with fbi.gov DNS? |
| 2011-11-11 | Johannes Ullrich | Details About the fbi.gov DNSSEC Configuration Issue. |
| 2011-11-09 | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses |
| 2011-10-15 | Guy Bruneau | DNS Sinkhole Parser Script Update |
| 2011-10-10 | Tom Liston | What's In A Name? |
| 2011-09-09 | Guy Bruneau | IPv6 and DNS Sinkhole |
| 2011-09-04 | Lorna Hutcheson | Several Sites Defaced |
| 2011-08-17 | Rob VandenBrink | When Good Patches go Bad - a DNS tale that didn't start out that way |
| 2011-08-05 | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx |
| 2011-08-05 | donald smith | New Mac Trojan: BASH/QHost.WB |
| 2011-07-05 | Raul Siles | Two DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4. |
| 2011-06-28 | Johannes Ullrich | DNSSEC Tips |
| 2011-06-03 | Guy Bruneau | New Poll: How are you dealing with Malicious Domains? |
| 2011-05-09 | Johannes Ullrich | Patch for BIND 9.8.0 DoS Vulnerability |
| 2011-04-14 | Johannes Ullrich | dshield.org now DNSSEC signed via .org |
| 2011-04-05 | Mark Hofman | DNS.be DDOS |
| 2011-01-26 | Bojan Zdrnja | Google Chrome and (weird) DNS requests |
| 2010-11-25 | Bojan Zdrnja | Secunia's DNS/domain hijacked? |
| 2010-11-13 | Guy Bruneau | Register.com DNS Issues |
| 2010-11-04 | Johannes Ullrich | DNSSEC Progress for .com and .net |
| 2010-10-03 | Adrien de Beaupre | H went down. |
| 2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
| 2010-08-07 | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos. |
| 2010-07-29 | Rob VandenBrink | NoScript 2.0 released |
| 2010-06-19 | Guy Bruneau | DNS Sinkhole ISO Available for Download |
| 2010-05-12 | Johannes Ullrich | .de TLD Outage |
| 2010-05-04 | Rick Wanner | DNSSEC...not a bang but a whimper? |
| 2010-02-26 | Rick Wanner | New version of dnsmap |
| 2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my! |
| 2010-01-12 | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering |
| 2010-01-11 | Johannes Ullrich | the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports. |
| 2010-01-10 | Guy Bruneau | Easy DNS BIND Sinkhole Setup |
| 2009-12-15 | Johannes Ullrich | Important BIND name server updates - DNSSEC |
| 2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-24 | John Bambenek | BIND Security Advisory (DNSSEC only) |
| 2009-11-02 | Daniel Wesemann | IDN ccTLDs |
| 2009-10-29 | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53 |
| 2009-07-29 | Bojan Zdrnja | BIND 9 DoS attacks in the wild |
| 2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS |
| 2009-03-21 | Stephen Hall | Updates to ISC BIND |
| 2009-01-31 | Swa Frantzen | DNS DDoS - let's use a long term solution |
| 2009-01-18 | Daniel Wesemann | DNS queries for "." |
| 2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up |
| 2009-01-07 | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector |
| 2008-12-04 | Bojan Zdrnja | Rogue DHCP servers |
| 2008-11-25 | Andre Ludwig | OS X Dns Changers part three |
| 2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-10-17 | Patrick Nolan | Day 17 - Containing a DNS Hijacking |
| 2008-10-08 | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning |
| 2008-08-14 | Johannes Ullrich | DNSSEC for DShield.org |
| 2008-08-05 | Daniel Wesemann | Watching those DNS logs |
| 2008-08-02 | Swa Frantzen | BIND: -P2 patches are released |
| 2008-07-25 | Swa Frantzen | DNS bug - observations |
| 2008-07-24 | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed |
| 2008-07-22 | Swa Frantzen | Dan Kaminsky's DNS bug: revealed? - Patch! |
| 2008-07-09 | Marcus Sachs | DNS Vulnerability Found by a GSEC Student Three Years Ago! |
| 2008-07-08 | Johannes Ullrich | Mulitple Vendors DNS Spoofing Vulnerability |
| 2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric |
| 2008-04-30 | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware |
| 2008-03-23 | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!) |