[LINK] https/metadata
Christian Heinrich
christian.heinrich at cmlh.id.au
Wed Dec 7 09:19:59 AEDT 2016
Jim and Kim,
On Tue, Dec 6, 2016 at 6:00 PM, Jim Birch <planetjim at gmail.com> wrote:
> The actual DNS query and response content would not be visible at the
> metadata level, it's inside the message. The metadata says you
> contacted a dns server but not what you looked up. The term "metadata"
> itself is a bit ambiguous, at any layer the stuff outside the layer wrapper
> is metadata and the stuff inside is content.
>
> As I see it, given that everything not just nefarious stuff gets encrypted,
> the best method for our protector overlords to find the bad guys would be
> analysing patterns in connection data. You could develop some known
> bad-guy signatures and use the activity of identified targets to train the
> system. Plus throw in any other profiling data you could scrounge. I
> imagine this would work pretty well, given a humungous amount of storage
> and processing power.
I develop the integration with Maltego for
https://www.mnemonic.no/news/2015/mnemonic-offers-passive-dns-data-to-the-public/
and https://www.dnsdb.info/
TL;DR: Privacy was the main driver when Paul Vixie developed Passive
DNS hence it is impossible to determine who made the DNS request.
https://www.farsightsecurity.com/assets/media/download/passive-dns-privacy.pdf
is his supporting document.
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
More information about the Link mailing list
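To make the "impossible to determine who made the DNS request" point concrete, here is a toy passive-DNS collector. It is an added example, not code from the post, from mnemonic or from Farsight. A passive-DNS sensor is normally placed above a recursive resolver, on the cache-miss path between it and the authoritative servers; the only addresses on that wire belong to the recursive and the authoritative server, never to the stub client that asked. The collector below goes one step further and discards the resolver address too, so the stored record is just the rrset plus first/last seen and a count. The field names (rrname, rrtype, rdata, first_seen, last_seen, count) are my own choice, loosely modelled on the DNSDB-style output, and the sample observations (RFC 5737 addresses, arbitrary timestamps) are constructed.

```python
"""Toy passive-DNS collector (added example, not from the mailing-list post).

Aggregates DNS responses observed above a recursive resolver into rrset
records. Nothing identifying the querier is stored, so a lookup can answer
"what did www.example.com point at, and when?" but never "who asked?".
"""
from dataclasses import asdict, dataclass
from typing import Dict, List, Optional, Set, Tuple

RRKey = Tuple[str, str, str]  # (rrname, rrtype, rdata)


@dataclass(frozen=True)
class Observation:
    """One DNS response as seen by the sensor (constructed input)."""
    ts: int            # unix time the response was seen
    resolver_ip: str   # source of the cache-miss query: a recursive, not a user
    rrname: str
    rrtype: str
    rdata: str


@dataclass
class PdnsRecord:
    """What the passive-DNS database keeps. Note: no querier, no resolver."""
    rrname: str
    rrtype: str
    rdata: str
    first_seen: int
    last_seen: int
    count: int


def normalize_name(name: str) -> str:
    """Lower-case and strip the trailing dot so 'WWW.Example.COM.' and
    'www.example.com' aggregate into the same rrset."""
    return name.rstrip(".").lower()


def aggregate(observations: List[Observation]) -> Dict[RRKey, PdnsRecord]:
    """Fold observations into (rrname, rrtype, rdata) records.
    obs.resolver_ip is never read: it is dropped at ingestion."""
    db: Dict[RRKey, PdnsRecord] = {}
    for obs in observations:
        key = (normalize_name(obs.rrname), obs.rrtype.upper(), obs.rdata)
        rec = db.get(key)
        if rec is None:
            db[key] = PdnsRecord(*key, first_seen=obs.ts, last_seen=obs.ts, count=1)
        else:
            rec.first_seen = min(rec.first_seen, obs.ts)
            rec.last_seen = max(rec.last_seen, obs.ts)
            rec.count += 1
    return db


def lookup_rrset(db: Dict[RRKey, PdnsRecord], name: str,
                 rrtype: Optional[str] = None) -> List[PdnsRecord]:
    """Forward lookup: what has this name resolved to over time?"""
    name = normalize_name(name)
    return sorted(
        (r for r in db.values()
         if r.rrname == name and (rrtype is None or r.rrtype == rrtype.upper())),
        key=lambda r: (r.rrtype, r.first_seen, r.rdata),
    )


def lookup_rdata(db: Dict[RRKey, PdnsRecord], rdata: str) -> List[PdnsRecord]:
    """Inverse lookup: which names have pointed at this rdata?"""
    return sorted((r for r in db.values() if r.rdata == rdata),
                  key=lambda r: (r.first_seen, r.rrname))


def record_fields(db: Dict[RRKey, PdnsRecord]) -> Set[str]:
    """Field names actually stored; shows that no querier identity survives."""
    return {f for r in db.values() for f in asdict(r)}


# Constructed sample: two recursive resolvers (192.0.2.0/24) see the same
# name move between two hosting addresses (203.0.113.0/24).
SAMPLE = [
    Observation(1480_000_000, "192.0.2.10", "www.example.com.", "A", "203.0.113.5"),
    Observation(1480_003_600, "192.0.2.20", "WWW.example.com", "A", "203.0.113.5"),
    Observation(1480_090_000, "192.0.2.10", "www.example.com.", "A", "203.0.113.9"),
    Observation(1480_090_000, "192.0.2.10", "example.com.", "NS", "ns1.example.net."),
    Observation(1480_100_000, "192.0.2.20", "mail.example.org.", "A", "203.0.113.9"),
]

if __name__ == "__main__":
    db = aggregate(SAMPLE)
    for rec in lookup_rrset(db, "www.example.com"):
        print(rec)
    print("names that pointed at 203.0.113.9:",
          [r.rrname for r in lookup_rdata(db, "203.0.113.9")])
    print("stored fields:", sorted(record_fields(db)))
```

The forward lookup reconstructs the history of a name (two A records for www.example.com, the first seen twice from different resolvers) and the inverse lookup pivots on an address; both are useful for hunting, yet neither the resolver nor the end user is recoverable from the stored fields. That is the design property the thread is pointing at: the vantage point and the schema together make the "who" unavailable, not merely withheld.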