For the first time, Farsight contributed its passive DNS data to the DBIR report from Verizon.
View researchThe domain name system (DNS) is a crucial backbone of the Internet and millions of new domains are created on a daily basis. While the vast majority of these domains are legitimate, adversaries also register new hostnames to carry out nefarious purposes, such as scams, phishing, or other types of attacks. This paper presents insights on the global utilization of DNS through a measurement study examining exclusively newly observed hostnames via passive DNS data analysis.
View researchNetwork measurements are an important tool in understanding the Internet. Due to the expanse of the IPv6 address space, exhaustive scans as in IPv4 are not possible for IPv6. Researchers show that addresses in IPv6 hitlists are heavily clustered and present novel techniques that allow to push IPv6 hitlists from quantity to quality.
View researchResearchers introduce Entropy/IP: a system that discovers Internet address structure based on analyses of a subset of IPv6 addresses known to be active, i.e., training data, gleaned by readily available passive and active means.
View researchResearchers use the Farsight passive DNS database (DNSDB) corresponding to investigate the domain name usage, such as the first- and last-seen timestamps, a list of resolved IP addresses, and changes in the name server records.
View researchFor a better understanding of how many domains are affected by IP address churn, researchers observe DNS traffic through Farsight’s passive DNS measurements.
View researchThe Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack.
View researchHosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers.
View researchMost attacks compromise the resolution path somewhere between the user and the authoritative name server for a Domain. Researchers explore an attack against the authoritative end of the path: the zone file of the authoritative name server using non-secure DNS dynamic update protocol extension.
View researchResearchers use the Farsight DNSDB for domain to IP mapping.
View research