linda

Passive DNS对安全研究非常重要，因为它可以在前期帮助我们构建出目标的基础设施结构，并且可以得到以下三方面的答案：
该域名曾经绑定过哪些IP
这个IP有没有其他的域名
该域名最早/最晚什么时候出现


Passive DNS同时也在SOC的时候起到很大的帮助。通过识别的恶意域名，可以找到其他被恶意破坏的机器。目前有很多网站允许我们访问它的 Passive DNS系统，例如：
Virustotal(https://www.virustotal.com/)、passivetotal(https://www.passivetotal.com)、CIRCL (https://www.circl.lu/services/passive-dns/)。有很多这样的网站，但是，自己在本地有一个当然会更方便。

https://github.com/gamelinux/passivedns

https://github.com/360netlab

https://archive.farsightsecurity.com/Passive_DNS_Sensor/

https://archive.farsightsecurity.com/Passive_DNS/passive_dns_hardening_handout.pdf

https://api.dnsdb.info/

http://www.iseclab.org/papers/bilge-ndss11.pdf

https://kb.isc.org/article/AA-00535/119/Operating-an-ISC-Passive-DNS-sensor.html

http://www.rsreese.com/passive-dns-collection-and-analysis-using-yaf-and-mediator/

https://github.com/gamelinux/passivedns

http://www.youtube.com/watch?v=Tz7EYQPAMzA

http://www.youtube.com/watch?v=2Jpkm7EYbaM

https://kb.isc.org/article/AA-00535/119/Operating-an-ISC-Passive-DNS-sensor.html

http://rsf.isc.org/projects/sieisc/

http://meetings.apnic.net/__data/assets/pdf_file/0017/45521/05-Merike-Kaeo-Passive-DNS.pdf

http://conferences.npl.co.uk/satin/presentations/satin2011slides-Rasmussen.pdf

DNS firewall:
http://www.senki.org/using-dns-to-protect-your-network-and-your-customers/

http://www.slideshare.net/BarryRGreene/binds-new-security-feature-dnsrpz-the-quotdns-firewallquot




https://dl.farsightsecurity.com/dist/

https://kb.isc.org/article/AA-00525/

http://www.enyo.de/fw/software/dnslogger/#3

http://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-datasheet-dns-firewall.pdf

http://www.infoblox.com/downloads/resources/defeating-advanced-persistent-threat-malware/download

原文：
http://www.xitongjiaocheng.com/ubuntu/2018/61237.html
https://paper.tuisec.win/detail/d408ff913bf0d07
https://yq.aliyun.com/articles/449555

[ 本帖最后由 linda 于 2019-4-21 11:56 编辑 ]