Presentation: Algorithms for extraction and visualization of metadata from Domain Name Server records
1. Universidade Lusófona de Humanidades e Tecnologias
Instituto de Telecomunicações
Universidade da Beira Interior
Algorithms for extraction and visualization of meta-data from Domain Name Server records
Arley Leal Silveira
Nuno M. Garcia
arleybls@gmail.com, ngarcia@professores.ulusofona.pt
== MESH 2010, 20th July 2010, Mestre / Venice, Italy ==

2. Agenda
Introduction / Motivation
Algorithms
Results
Conclusions

3. Introduction
The Domain Name System is a distributed, hierarchical network service and infrastructure that holds the relations between the names and the IP addresses of the machines that deliver services over an IP network.
Typically a large organization deploys its own DNS server(s).
Managing the information in these servers can be ... troublesome.

4. Introduction / Motivation
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Sun Tzu, The Art of War

5. Algorithms
There are a number of tools which already do this (DioNiSio, dnsmap, dnsenum, ...).
We combined all the goodies from other tools, and added typing errors (several flavours) and transposition.

6. Algorithms
We can query the DNS database to look for responses for URL names.
We can use a number of strategies:
  TLD rotation
  brute force
  dictionary attack
  typing errors

7. Algorithms
  TLD rotation
  brute force
  dictionary attack
  typing errors
These can be used together, and deployed using threads.

8. Algorithms
TLD rotation
  uses the TLD definition from IANA
  looks for domains which are similar to the one we want, except for the TLD domain suffix, including second-level TLD domains.

9. Algorithms
TLD rotation

10. Algorithms
Brute force
  generates random words from a set of characters and numbers, up to a defined length
  looks for sub-domains of the domain we want.

11. Algorithms
Brute force

12. Algorithms
Dictionary attack
  uses words from a list (dictionary)
  looks for sub-domains of the domain we want.

13. Algorithms
Dictionary attack

14. Algorithms
Typing errors
  uses three different approaches
    transposition (using a key close to the one you wanted to type)
    double typing (doublee typingg)
    omission (omssion)
  looks for domains that are similar to the domain we want.
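
Added example, not part of the original slides or of txdns: a C sketch that applies the three typing-error approaches above in reverse, classifying whether a label seen in DNS logs is one typing error away from a label you own. The same-row QWERTY adjacency table, the function names and the sample labels are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum typo { NOT_TYPO, OMISSION, DOUBLE_TYPING, ADJACENT_KEY };

/* Same-row QWERTY neighbours only: a simplified adjacency model (assumption). */
static int adjacent_keys(char a, char b)
{
    static const char *rows[] = { "qwertyuiop", "asdfghjkl", "zxcvbnm" };
    for (int r = 0; r < 3; r++) {
        const char *p = (a != '\0') ? strchr(rows[r], a) : NULL;
        if (p)
            return (p > rows[r] && p[-1] == b) || (p[1] != '\0' && p[1] == b);
    }
    return 0;
}

/* Which single typing error, if any, turns the label `own` into `seen`? */
static enum typo classify_typo(const char *own, const char *seen)
{
    size_t n = strlen(own), m = strlen(seen), i = 0;

    while (i < n && i < m && own[i] == seen[i])
        i++;                              /* i = length of the common prefix */
    if (m + 1 == n)                       /* one character left out */
        return strcmp(own + i + 1, seen + i) == 0 ? OMISSION : NOT_TYPO;
    if (m == n + 1)                       /* one extra character: must repeat its neighbour */
        return (i > 0 && seen[i] == seen[i - 1] &&
                strcmp(own + i, seen + i + 1) == 0) ? DOUBLE_TYPING : NOT_TYPO;
    if (m == n && i < n && adjacent_keys(own[i], seen[i]) &&
        strcmp(own + i + 1, seen + i + 1) == 0)
        return ADJACENT_KEY;              /* one key replaced by its neighbour */
    return NOT_TYPO;
}

int main(void)
{
    /* Constructed sample: labels as they might appear in a resolver log. */
    const char *seen[] = { "ulusofna", "ulusofonaa", "ulusofoma", "ulusofona", "example" };
    static const char *names[] = { "-", "omission", "double typing", "adjacent key" };
    for (size_t k = 0; k < sizeof seen / sizeof seen[0]; k++)
        printf("%-12s %s\n", seen[k], names[classify_typo("ulusofona", seen[k])]);
    return 0;
}
```

The classifier only recognises a single error per label, so a name with two typing errors is reported as no match.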

15. Algorithms
Typing errors

16. Integration with a visualization tool
txdns is usable with Maltego from Paterva
  to achieve this, the standard output of the tool was redirected to an XML stream formatted according to the rules of Maltego;
  you also need to create a resource, and add a DNS context to the Maltego workspace;
Maltego allows for an intuitive visualization of the data, and lets you query again a previously obtained result.
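
Added example, not txdns's own output code: a C sketch that writes resolved names as a Maltego local-transform response, on the assumption that the stream uses the MaltegoMessage / MaltegoTransformResponseMessage layout with maltego.DNSName entities. Names taken from DNS answers are untrusted input, so each value is XML-escaped before it is written; the function names and sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Append src to the string in dst (capacity cap); escape XML metacharacters if asked. */
static int xml_append(char *dst, size_t cap, const char *src, int escape)
{
    size_t len = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (escape && *src == '&') rep = "&amp;";
        else if (escape && *src == '<') rep = "&lt;";
        else if (escape && *src == '>') rep = "&gt;";
        size_t r = strlen(rep);
        if (len + r + 1 > cap) return -1;      /* would overflow: refuse */
        memcpy(dst + len, rep, r + 1);         /* copies the terminator too */
        len += r;
    }
    return 0;
}

/* Build a transform response listing each name as a DNS-name entity (assumed layout). */
static int maltego_response(char *out, size_t cap, const char **names, size_t n)
{
    if (cap == 0) return -1;
    out[0] = '\0';
    if (xml_append(out, cap, "<MaltegoMessage>\n<MaltegoTransformResponseMessage>\n"
                             "<Entities>\n", 0))
        return -1;
    for (size_t k = 0; k < n; k++) {
        if (xml_append(out, cap, "<Entity Type=\"maltego.DNSName\"><Value>", 0) ||
            xml_append(out, cap, names[k], 1) ||     /* untrusted: escape it */
            xml_append(out, cap, "</Value></Entity>\n", 0))
            return -1;
    }
    return xml_append(out, cap, "</Entities>\n</MaltegoTransformResponseMessage>\n"
                                "</MaltegoMessage>\n", 0);
}

int main(void)
{
    /* Constructed sample: one ordinary name, one carrying markup characters. */
    const char *names[] = { "www.example.com", "a<b&c.example.com" };
    char out[512];
    if (maltego_response(out, sizeof out, names, 2) == 0)
        fputs(out, stdout);
    return 0;
}
```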

19. Conclusions
txdns implements several strategies and algorithms to query the DNS infrastructure;
it is deployable using threads, and it was built in C, so it is portable;
it may be integrated with visualization tools such as Paterva’s Maltego;
both the executable file and the source code are available online at http://netlab.ulusofona.pt/id
Thank you. Questions?