Ways to use Passive DNS: Security Professional

August 13, 2018

Security Professionals can use Passive DNS to investigate domains or IP addresses that have raised suspicion, and find out if it is a single malicious IP or a complex multi-layered operation they are dealing with.

  • Investigate domains that are within the same subnet of a particular IP address – some (or most) of these may display similar behaviours as the one that has caused you concern.
  • Abusers recycle their resources, e.g. the same web server may host several phishing domains, not just one. With Passive DNS you can acquire the information before, or as soon as, they change their domain or IP address.
  • If you are dealing with a more complex operation, the abuser may have the full /24 subnet under his control and Passive DNS can potentially provide additional, deeper insights, e.g. all the domains that are pointing to an IP address in the subnet.
  • Passive DNS searches will also permit you to find invalid or unauthorised records in the zones you control, caused by unauthorised access or by cache poisoning/spoofing (where corrupt DNS data is introduced into the DNS resolver’s cache, causing the name server to return an incorrect result).
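
The subnet pivot and the zone audit from the list above, as an added example that is not part of the original article. It runs over constructed passive DNS observations; the tuple layout, the `pivot_subnet` and `unauthorised_records` helpers, and every name and address are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive DNS observations: (rrname, rrtype, rdata, last_seen).
# The tuple layout is an assumption, not any vendor's export format.
OBSERVATIONS = [
    ("login-bank.example", "A", "192.0.2.10", "2018-08-01"),
    ("secure-pay.example", "A", "192.0.2.10", "2018-08-03"),
    ("parcel-track.example", "A", "192.0.2.77", "2018-08-04"),
    ("unrelated.example", "A", "198.51.100.5", "2018-08-02"),
    ("www.corp.example", "A", "203.0.113.20", "2018-08-05"),
    ("vpn.corp.example", "A", "192.0.2.77", "2018-08-06"),
]

# Records the zone owner actually published for corp.example (constructed).
AUTHORISED = {("www.corp.example", "A", "203.0.113.20"),
              ("vpn.corp.example", "A", "203.0.113.21")}


def pivot_subnet(observations, suspect_ip, prefix=24):
    """Map each IP in the suspect's subnet to the names seen resolving to it."""
    net = ipaddress.ip_network(f"{suspect_ip}/{prefix}", strict=False)
    hits = defaultdict(set)
    for name, _rrtype, rdata, _seen in observations:
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # non-address rdata (CNAME targets, malformed values)
        if addr.version == net.version and addr in net:
            hits[str(addr)].add(name.lower().rstrip("."))
    return {ip: sorted(names) for ip, names in hits.items()}


def unauthorised_records(observations, zone, authorised):
    """Return observed records inside `zone` that the owner never published."""
    zone = zone.lower().rstrip(".")
    found = []
    for name, rrtype, rdata, seen in observations:
        name = name.lower().rstrip(".")
        in_zone = name == zone or name.endswith("." + zone)
        if in_zone and (name, rrtype, rdata) not in authorised:
            found.append((name, rrtype, rdata, seen))
    return found


if __name__ == "__main__":
    print(pivot_subnet(OBSERVATIONS, "192.0.2.10"))
    print(unauthorised_records(OBSERVATIONS, "corp.example", AUTHORISED))
```

In the sample data the one unauthorised record, `vpn.corp.example`, resolves into the same /24 as the suspect IP, which is the kind of overlap that links a zone tampering finding to the wider infrastructure.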
