1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Researcher releases DNS Greylisting tool for Phishing defense

Discussion in 'CSO' started by RSS, Aug 3, 2016.

  1. RSS

    RSS New Member Member

    LAS VEGAS - At the BSides Las Vegas conference on Wednesday, a hacker by the name of Munin, and his research partner Nik LaBelle, are releasing a tool and giving a talk on an interesting concept - DNS Greylisting.

    The idea isn't new, but how the process is being applied could help administrators defend their networks from Phishing attacks and other threats.

    Phishing can be mitigated with blacklists, but that requires that the Phishing domain be known to the organization, and by the time that happens – it's too late. Whitelisting works too, but only for organizations that communicate with a limited number of domains.

    That's when Munin came to a realization. The workflow for many Phishing attacks requires the victim to make a DNS request that is controllable on the victim's network, and would be sufficiently different from regular traffic, constituting a detectable signal.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page