1. #Because Detection is Cool but Proactivity is Better!

2. •What’s CleanDNS?
•Why CleanDNS?
•How CleanDNS works?
•Future of CleanDNS

3.  Computer viruses are not different from
Biology viruses.To occurs any infection two
principal components are needed:
 A vulnerable “body”:
▪ Low detection rates for that virus or even a weak
immunization system.
 A vector:
▪ Road for a virus to infect a “body”.

4.  There are many other tools aiming to get a
higher immunization rates or to prevent virus
to enter “body”.
 CleanDNS aims to prevent the first phase of
virus journey to infect a “body”.
 A DNS request/response transaction.

5.  Why DNS?
 Three major considerations:
▪ Any advanced malware or botnets writer using direct IP
address to callback should be slapped at face.Will be
caught or will be deactivated in a hurry.
▪ DNS is the heart of Internet Protocol (old but gold), any
single request to other protocol (HTTP, SMTP, FTP, SIP,
whatever) will trigger a DNS request first.
▪ Different from others protocols, DNS still is a clean
traffic, nor encrypted or even encoded. (Keep it simple).

6.  CleanDNS is a DNS Recursive Front-End
technology to prevent DNS malformed or
known malicious request/responses.
 CleanDNS will protect ALLYOUR End Users
and Servers at once with a single DNS
topology rearrangement.

7.  Spear-PhishingCampaignsTargeting Employees Increased 55 Percent in 2015.
 (Symantec ISTR Report 2015);
 Major SecurityVulnerabilities inThree Quarters of PopularWebsites Put Us All at
Risk.
 (Symantec ISTR Report 2015);
 Ransomware Increased 35 Percent in 2015.
 (Symantec ISTR Report 2015);
 Symantec Blocked 100 Million FakeTechnical Support Scams in 2015.
 (Symantec ISTR Report 2015);
 44% of Information SecurityOfficers consider Phishing as one of majors threats.
 (Ernst &Young Global Research for Information Security – 2015)
 43% of Information Security Officers consider Malware as one of majors threats.
 (Ernst &Young Global Research for Information Security – 2015)

8.  Do you have IoT antivirus right?
 The volume of Android variants increased by 40
percent in 2015, compared with 29 percent growth in
the previous year.
▪ (Symantec ISTR Report 2015);
 SmartTVs. Hundreds of millions of Internet-
connected TVs are potentially vulnerable to click
fraud, botnets, data theft, and even ransomware,
according to Symantec research.
▪ (Symantec ISTR Report 2015);

9.  Online advertising (+5% / year) and Mobile
advertising (+60% /year) are growing.
 (KPCB InternetTrends 2016)
 E-Commerce retail sales rates are growing
(+10% of total US retail sales 2015)
 (KPCB InternetTrends 2016)
 By 2020 we will have 20.8 billion internet
connected devices.
 (Symantec ISTR Report 2015);

10.  OK… Now we are talking about!
 CleanDNS has three Main Security Layers:
 1 – A DNSTraffic INLINE Network IPS;
 2 – A DNS Multisource Malware Domain Sinkhole;
 3 – A Secure DNS Service Last Resource;

11.  DNSTraffic INLINE Network IPS;
 Protect CleanDNS DNS Service itself;
 Prevent malformed DNS traffic:
▪ LowerTTLs requests;
▪ DNS Floods;
▪ DNS Poisons;
 Prevent DNSTunneling;

12.  DNS Multisource Malware Domain Sinkhole:
 Download and De-duplicate Malware related and other
malicious activities related domain names:
▪ Open Projects:
▪ Malware Domain Blocklist;
▪ RansomwareTracer;
▪ ZeusTracker;
▪ Malware Domain List;
▪ Url Blacklist;
▪ Shalla’s Blacklist;
▪ Dshield;
▪ Commercial (Maybe they can support this Project):
▪ Trend Micro;
▪ Symantec;
▪ McAfee;

13.  A Secure DNS Service Last Resource:
 CleanDNS uses OpenDNS servers as last resource
to prevent traffic not yet recognized by first two
layers;

14.  We expect to be part of any Security
Professional strategy as a Simple yet
Powerful concept to prevent malware and
other malicious activities.
#Because Detection is Cool but Proactivity is Better!

15. #Because Detection is Cool but Proactivity is Better!
• Project Page: https://www.facebook.com/cleandns
• Download: https://cleandns.sourceforge.net