Share this
The Spectre in the Room: Let’s Talk About DNS Abuse
by Peter Lowe on Jan 12, 2023 12:00:00 AM
Defining “DNS Abuse” Is Kind of Pointless
"DNS Abuse" as a term covers all forms of online threats related to the DNS, but the exact definition has been a matter of debate for some years. The people running registries and registrars mostly consider it related to registration of domain names, the people from threat intelligence look at how malware uses the DNS, and DNS infrastructure operators think of it as attacks on the DNS infrastructure itself. So, nobody quite agrees on a unified understanding of what the term means.
Turns out though: It doesn't matter. Everyone has their own definition of what it means to them, according to their perspectives and their particular values, but in the end we're all on the same side and we're all trying to protect users on the internet from online threats in some way or another. Whether one entity considers DNS Abuse to cover C2 domains or not isn't important, as long as each entity works to solve for the DNS Abuse they define. At the ICANN75 conference this year it was noted, "the train has left the station." The term DNS Abuse is out there and it means different things to different people, and that's OK.
Everyone’s Talking About It
There's been a lot of activity this year related to DNS Abuse, and it seems to have finally arrived in the spotlight globally.
The EU released a 173-page report on the results of a 7-month study on DNS Abuse, which prompted a lot of discussion worldwide. The European Dialog on Internet Governance (EuroDIG) held a session to discuss the consequences of definitions, and DNS Research Foundation published their thoughts on the topic.
The DNS Abuse Institute was launched by the Public Interest Registry (PIR, responsible for handling the .org TLD), and released their ongoing study of DNS Abuse called DNSAI Compass that shows trends from various areas. The FIRST DNS Abuse SIG released a draft of their model of DNS Abuse techniques, and the international group of registries and registrars, eco, published their initial versions of a table classifying DNS Abuse.
All of this represents the result of months and years of work behind the scenes on many different fronts, but altogether has pushed DNS Abuse into the public consciousness in a way that hasn't really been seen before.
What DNSFilter is Doing
DNSFilter continues to play a key part in the evolving landscape of DNS Abuse. As part of our mission to provide best-in-class DNS security, understanding and taking part in the conversation is fundamental to how DNSFilter can better protect our users while furthering online security for the internet as a whole.
Our Principal Security Researcher, Peter Lowe, presented at the ICANN75 AGM in Kuala Lumpur this year on the topic, after being named DNS Abuse Ambassador for FIRST (the Forum of Incident Responders and Security Teams). He's also continued his work as co-chair of the FIRST DNS Abuse SIG to provide incident responders with a reference point for dealing with ongoing events, as part of a multi-stakeholder group covering a huge range of interested parties.
We're also actively engaging with the DNS Research Foundation to explore their DAP.LIVE platform, and have provided feedback and commentary on eco's topDNS DNS Abuse Table. Evaluations and discussions are also happening with the DNS Abuse Institute on several levels, including their research and analysis, and reporting system that they are aiming to promote.
The Path Ahead
While there's been a lot of activity on various fronts, one of the main things that needs to happen going forward is to bring people together. With so many different perspectives, enabling the conversation itself is as valuable as the work itself on some levels.
Protective DNS is now seen as a basic part of any threat protection profile, and we have unique insight into all levels of DNS Abuse as an industry leader, allowing us to bring people together and remind everyone that we're all fighting the same battle. As part of this, DNSFilter is organizing a number of panels for 2023 at different levels, involving key players from all sectors to highlight the issues we're facing on a global scale.
At the same time, we're continuing to contribute our expertise and knowledge to ongoing work while providing feedback on publishings from other organizations. Every day seems to bring new ideas to the table.
Share this
Categories
- Featured (261)
- Protective DNS (21)
- IT (15)
- IndyCar (9)
- Content Filtering (7)
- Cybersecurity Brief (7)
- IT Challenges (7)
- Public Wi-Fi (7)
- AI (6)
- Deep Dive (6)
- Roaming Client (4)
- Team (4)
- Compare (3)
- Malware (3)
- Tech (3)
- Anycast (2)
- Events (2)
- MSP (2)
- Machine Learning (2)
- Phishing (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
As demand grows for constant connectivity to the digital world, offering free Wi-Fi has become as essential for restaurants and retail stores as providing quality products and exceptional service. Customers increasingly expect to stay connected wherever they go, and the availability of Wi-Fi in restaurants, shopping malls, and retail outlets significantly influences their choice of where to dine and shop. For businesses, providing in-store Wi-Fi ...
"Green IT" isn't just a buzzword; it's a transformative approach reshaping how we manage technology. As IT professionals, embracing Green IT means integrating sustainability into every facet of technology management. This isn't merely about being eco-friendly; it's about crafting IT environments that are both cost-efficient and future-proof.
Roblox, one of the world’s largest online platforms for children, has recently been making headlines—and not for the right reasons. While it's a playground for millions of kids, it's also become a target for online predators. A recentBloomberg article revealed disturbing details about predators exploiting Roblox’s ecosystem, raising urgent concerns about the platform’s safety.