Research

Verizon 2021 Data Breach Investigations Report

For the first time, Farsight contributed its passive DNS data to the DBIR report from Verizon.

A Study of Newly Observed Hostnames and DNS Tunneling in the Wild

The domain name system (DNS) is a crucial backbone of the Internet and millions of new domains are created on a daily basis. While the vast majority of these domains are legitimate, adversaries also register new hostnames to carry out nefarious purposes, such as scams, phishing, or other types of attacks. This paper presents insights on the global utilization of DNS through a measurement study examining exclusively newly observed hostnames via passive DNS data analysis.

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

Network measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. Researchers show that addresses in IPv6 hitlists are heavily clustered and present novel techniques that push IPv6 hitlists from quantity to quality.

Entropy/IP: Uncovering Structure in IPv6 Addresses

Researchers introduce Entropy/IP: a system that discovers Internet address structure based on analyses of a subset of IPv6 addresses known to be active, i.e., training data, gleaned by readily available passive and active means.

DomainChroma: Building actionable threat intelligence from malicious domain names (2018)

Researchers use the Farsight passive DNS database (DNSDB) to investigate domain name usage, such as the first- and last-seen timestamps, the list of resolved IP addresses, and changes in the name server records.

Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (2018)

For a better understanding of how many domains are affected by IP address churn, researchers observe DNS traffic through Farsight’s passive DNS measurements.

Inferring BGP Blackholing Activity in the Internet (2017)

The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack.

Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting (2017)

Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers.

Zone Poisoning: The How and Where of Non-Secure DNS Dynamic Updates (2017)

Most attacks compromise the resolution path somewhere between the user and the authoritative name server for a domain. Researchers explore an attack against the authoritative end of the path: the zone file of the authoritative name server, using the non-secure DNS dynamic update protocol extension.

No domain left behind: is Let’s Encrypt democratizing encryption? (2017)

Researchers use the Farsight DNSDB for domain-to-IP mapping.
