Hugo Connery, Technical University of Denmark
Response Policy Zone (RPZ) is an enhancement of the BIND domain name server which provides configurable domain name filtering from locally defined and/or external reputation data providers.
RPZ defends against malware, and can easily be deployed as a 'set and forget' strategy to increase client security, independently of client hardware or operating system. RPZ log data can also be used to identify compromised systems.
Following an introduction to RPZ and its deployment, a case study highlighting identification of compromised systems and defence against phishing attacks will be presented.
A FOSS toolkit (RPZLA) using frequency and timing analysis of the log data to identify compromised systems will be demonstrated.
This work has been supported by Spamhaus, who offer a gratis, real-time RPZ reputation data feed to the research community. The data used and presented was gathered from a network of production client systems using BIND recursive resolvers configured with the Spamhaus RPZ data feed.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.