{"id":3596,"date":"2014-02-18T11:00:09","date_gmt":"2014-02-18T11:00:09","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=3596"},"modified":"2020-05-06T10:31:36","modified_gmt":"2020-05-06T17:31:36","slug":"improved-security-through-dns-inspection-part-2","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/improved-security-through-dns-inspection-part-2\/","title":{"rendered":"Improved Security Through DNS Inspection (Part 2)"},"content":{"rendered":"<p>In the previous blog post on DNS traffic inspection we covered how attackers target DNS systems.\u00a0 Attackers use\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Fast_flux\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Fast-Flux<\/a>\u00a0DNS techniques to rapidly change the servers hosting malware.\u00a0 Attackers control malware to change the DNS behavior on the end-user\u2019s computer or server.\u00a0 In this blog we are going to discuss the various techniques at your disposal to help gain visibility into these types of attacks.\u00a0 We also cover techniques for stopping these security incidents right from the start of infection.<\/p>\n<h2 id=\"toc-hId-649788220\">Response Policy Zones (RPZ)<\/h2>\n<p>One method to increase the security of an enterprise via DNS is to use\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Response_policy_zone\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Response Policy Zone<\/a>\u00a0(RPZ) mechanisms.\u00a0\u00a0<a href=\"https:\/\/dnsrpz.info\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">RPZ<\/a>\u00a0is a method of sharing DNS firewall information with DNS software like\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/BIND\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">BIND<\/a>.\u00a0 Based on the validity of the queried domain, the recursive DNS resolver can choose to allow or block the query, thus preventing the connection from taking place.\u00a0 Organizations can 
pre-populate the policy with malicious domains or addresses or could obtain a \u201cfeed\u201d of malicious Internet sites from another source.\u00a0 This is a type of reputation filtering but it is DNS-based rather than implemented in the firewall or IPS.\u00a0 This type of a solution can help prevent inbound unsolicited spam e-mail and help prevent end-users from connecting to sites hosting malware or botnet command and control networks.<\/p>\n<h2 id=\"toc-hId-678417371\">Infoblox DNS Security Solution<\/h2>\n<p>The first component of Infoblox\u2019s secure DNS infrastructure is the Infoblox Advanced DNS Protection.\u00a0 This is a set of techniques that help thwart the most common attacks against the DNS infrastructure itself.\u00a0 The Infoblox DNS servers can detect, mitigate and alert if they are being attacked.\u00a0 The DNS security settings are configurable and tunable to suit the organization.\u00a0 Infoblox DNS systems are security hardened and even meet the government\u2019s\u00a0<a href=\"https:\/\/www.niap-ccevs.org\/st\/index.cfm?vid=10465&amp;CFID=18983113&amp;CFTOKEN=d2332f3eb9ac5f4b-2311CB31-EC04-3DC1-BB30B462AF67873D\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">EAL-2<\/a>\u00a0certification.\u00a0 The Infoblox fortified appliances provide high availability and clustered resiliency through the Infoblox\u00a0<a href=\"http:\/\/www.infoblox.com\/products\/dns-dhcp-services\/grid?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Grid<\/a>\u00a0system.<\/p>\n<p>Following is a diagram of the Infoblox Advanced DNS Protection system<\/p>\n<p>&nbsp;<\/p>\n<p>Source:\u00a0<a href=\"http:\/\/www.infoblox.com\/products\/dns-dhcp-services\/grid?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener 
noreferrer\">http:\/\/www.infoblox.com\/products\/dns-dhcp-services\/grid<\/a><\/p>\n<p>The Infoblox DNS servers block the attacks while maintaining proper operation for the legitimate queries.\u00a0 The reporting server gives the DNS administrator up-to-the-minute reports on the security status and performance.<\/p>\n<p>The second component of Infoblox\u2019s secure DNS infrastructure is the Infoblox DNS Firewall.\u00a0 The Infoblox DNS security firewall component performs DNS forensics and prevents systems from communicating with malicious Internet sites.\u00a0 It does this by integrating with your security perimeter system and by using RPZ technology to stop the DNS request from allowing the attack connectivity to take place.\u00a0 The Infoblox DNS Firewall can easily integrate with\u00a0<a href=\"http:\/\/www.fireeye.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">FireEye\u2019s<\/a>\u00a0malware protection system.<\/p>\n<p>Following is a picture of how this DNS firewall operates.<\/p>\n<p>&nbsp;<\/p>\n<p>Source:\u00a0<a href=\"http:\/\/www.infoblox.com\/products\/infrastructure-security\/dns-firewall?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">http:\/\/www.infoblox.com\/products\/infrastructure-security\/dns-firewall<\/a><\/p>\n<p>The DNS firewall inspects all DNS traffic that is passing in and out of an organization.\u00a0 It is able to find the \u201cneedle in a haystack\u201d and disarm malware before it starts to operate.\u00a0 The DNS firewall then provides reports and data extracts to Security Information and Event Management (SIEM) systems for security practitioners to take action to remediate the infections.<\/p>\n<h2 id=\"toc-hId-707046522\">Operationalizing DNS Inspection and Firewalling<\/h2>\n<p>Organizations need to start to realize that they may not be able to stop the malware from entering the organization using traditional 
firewalls and IPS systems.\u00a0 Firewalls typically allow TCP ports 80 and 443 (Web browsing), and TCP and UDP port 53 (DNS traffic) to pass through unobstructed.\u00a0 Most malware leverages these weak outbound security policies to infect an enterprise\u2019s internal computers.\u00a0 If the assumption is made that the malware is already on the internal systems, then the focus should be on rapid early detection and remediation.\u00a0 The first activity that a piece of malware will perform is to make a DNS query for an Internet-based system.\u00a0 This could either be to \u201cphone home\u201d and connect to a command and control system or make a connection to download additional malware.\u00a0 It may not be possible to prevent the initial infection, but DNS provides that first evidence of an attack.<\/p>\n<p>Most organizations seem to think that the job is done once the security system is procured.\u00a0 However, we know that incorporating people and processes with the technology yields the best results.\u00a0 Organizations need to consider the operational aspects, reports, and process for remediation (workflow) when these types of DNS attacks occur.<\/p>\n<p>The good news is that with these Infoblox DNS security features, it is easy to tie this into a process of continuous security monitoring.\u00a0 In fact, U.S. government organizations have a goal to implement\u00a0<a class=\" bf_ungated_init\" href=\"http:\/\/csrc.nist.gov\/publications\/drafts\/nistir-7799\/Draft-NISTIR-7799.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Continuous Monitoring<\/a>\u00a0of\u00a0security threats.\u00a0 To this end, NIST has drafted a document describing this approach. 
\u00a0The Infoblox DNS Firewall and the Trinzic Reporting utility for\u00a0<a href=\"http:\/\/www.infoblox.com\/products\/dns-dhcp-services\/trinzic-reporting\/splunk?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Splunk<\/a>\u00a0could give added situational awareness to any IT department.<\/p>\n<h2 id=\"toc-hId-735675673\">Summary<\/h2>\n<p>Inspecting DNS packets on your network is a valuable forensic capability that you should obtain.\u00a0 DNS firewalling gives organizations the ability to quickly detect malicious incidents occurring in their environments and arms them with the ability to prevent these attacks right from the start.\u00a0 Even if you acquire this DNS firewalling and forensic capability, your organization will still need to work through the operational aspects of owning such a system.\u00a0 Acquiring the technology is just one parameter of the equation.\u00a0 Having well-trained people who know how to use a well-documented and disciplined process will maximize the investment and produce the best results.<\/p>\n<p>Scott<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the previous blog post on DNS traffic inspection we covered how attackers target DNS systems.\u00a0 Attackers use\u00a0Fast-Flux\u00a0DNS techniques to rapidly change the servers hosting malware.\u00a0 Attackers control malware to change the DNS behavior on the end-user\u2019s computer or server.\u00a0 In this blog we are going to discuss the various techniques at your disposal to 
[&hellip;]<\/p>\n","protected":false},"author":321,"featured_media":2730,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[30,16,15],"class_list":{"0":"post-3596","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-dns","9":"tag-infoblox","10":"tag-security","11":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Improved Security Through DNS Inspection (Part 2)<\/title>\n<meta name=\"description\" content=\"In the previous blog post on DNS traffic inspection we covered how attackers target DNS systems.\u00a0 Attackers use\u00a0Fast-Flux\u00a0DNS techniques to rapidly change the server&#039;s hosting malware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/improved-security-through-dns-inspection-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improved Security Through DNS Inspection (Part 2)\" \/>\n<meta property=\"og:description\" content=\"In the previous blog post on DNS traffic inspection we covered how attackers target DNS systems.\u00a0 Attackers use\u00a0Fast-Flux\u00a0DNS techniques to rapidly change the server&#039;s hosting malware.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.infoblox.com\/blog\/community\/improved-security-through-dns-inspection-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-02-18T11:00:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:31:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/april-14-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Scott Hogg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scott Hogg\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/\"},\"author\":{\"name\":\"Scott Hogg\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\"},\"headline\":\"Improved Security Through DNS Inspection (Part 
2)\",\"datePublished\":\"2014-02-18T11:00:09+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/\"},\"wordCount\":896,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/april-14-2.jpg\",\"keywords\":[\"DNS\",\"Infoblox\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/\",\"name\":\"Improved Security Through DNS Inspection (Part 2)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/april-14-2.jpg\",\"datePublished\":\"2014-02-18T11:00:09+00:00\",\"dateModified\":\"2020-05-06T17:31:36+00:00\",\"description\":\"In the previous blog post on DNS traffic inspection we covered how attackers target DNS systems.\u00a0 Attackers use\u00a0Fast-Flux\u00a0DNS techniques to rapidly change the server's hosting 
malware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/april-14-2.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/april-14-2.jpg\",\"width\":660,\"height\":454,\"caption\":\"Cable & Wireless Panama: Infoblox Helps Telecom Provider Protect From Attacks and Boost Uptime\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/improved-security-through-dns-inspection-part-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Improved Security Through DNS Inspection (Part 
2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ee71ac61fe2ea349f6e991e628d22f4c\",\"name\":\"Scott Hogg\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_321_1574118215-96x96.jpg\",\"caption\":\"Scott Hogg\"},\"description\":\"Scott Hogg has 30 years of network and security experience and is president of Hogg Networking with. 
Scott Hogg specializes in teaching Internet Protocol version 6 (IPv6) and providing implementation guidance. Scott is CCIE #5133 (Emeritus) and CISSP #4610. Scott is Chair Emeritus of the Rocky Mountain IPv6 Task Force (RMv6TF), a member of the IPv6 Center of Excellence (COE), and co-author of the Cisco Press book on IPv6 Security.\",\"sameAs\":[\"https:\\\/\\\/hexabuild.io\"],\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/scott-hogg\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->"}