Software Engineering Institute | Carnegie Mellon University

Presentation

Detecting Traffic to Recently Unparked Domains with Analysis Pipeline

  • January 2016
  • By Daniel Ruef
  • In this presentation, the authors discuss using Analysis Pipeline to detect (1) changes in the control plane and (2) data going to recently unparked IP addresses.
  • Network Situational Awareness
  • Publisher: CERT Division
  • Abstract

    The IP address associated with a domain name can be changed back and forth between routable and unroutable. A change in a domain name's associated IP address can indicate that a C2 server has been turned on. This presentation walks through how to use Analysis Pipeline to detect these changes in the control plane and to detect any data going to these recently unparked IP addresses.

Part of a Collection

FloCon 2016 Presentations