Detecting Traffic to Recently Unparked Domains with Analysis Pipeline
• Presentation
In this presentation, the authors discuss using Analysis Pipeline to detect (1) changes in the control plane and (2) data going to recently unparked IP addresses.
Publisher
Software Engineering Institute
Abstract
The IP address associated with a domain name can be switched back and forth between routable and unroutable. A change in a domain name's associated IP address can potentially indicate that a C2 server is being turned on. This presentation walks through how to use Analysis Pipeline to detect these changes in the control plane and to detect any data going to these recently unparked IP addresses.
Part of a Collection
FloCon 2016 Presentations
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.