RPZ: defending against malware via DNS

Hugo Connery Technical University of Denmark

Response Policy Zone (RPZ) is an enhancement of the BIND Domain Name server which provides configurable domain name filtering from locally defined and/or external repuation data providers.

RPZ defends against malware, and can easily be deployed as a 'set and forget' strategy to increase client security, independently of client hardware or operating system. RPZ log data can also be used to identify compromised systems.

Following an introduction to RPZ and its deployment, a case study highlighting identification of compromised systems, and defence against phishing attacks will be presented.

A FOSS toolkit (RPZLA) using frequency and timing analysis of the log data to identify compromised systems will be demonstrated.

This work has been supported by Spamhaus, who offer a gratis, real-time RPZ reputation data feed to the research community. The data used and presented is gathered from a network of production client systems that were utilizing BIND recursive resolvers that were configured with the Spamhaus RPZ data feed.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.