-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 1/24/2015 7:15 AM, hellekin wrote:
> today the French newspaper Le Monde published information on a > secret NSA program, MORECOWBELL [0], that reveals the agency has > been using the DNS infrastructure to monitor host and website > activity across the Internet. I have not found & delved into the MCB documents in depth, but from the cursory description, this sound like nothing more than Passive DNS monitoring, which is a common practice, especially in the Internet Security community. pDNS does nothing more than track historical resolution data between recursive and authoritative DNS servers, and in fact does *not* track queries made between stub/end-systems and recursive resolvers, so there is no tracking of *who* made any specific DNS query. Here is a pretty good reference for pDNS: https://archive.farsightsecurity.com/Passive_DNS/ Cheers, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2 "I am tormented with an everlasting itch for things remote. I love to sail forbidden seas." - Herman Melville -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlTDulcACgkQKJasdVTchbKs8gD/cJS3AuzG41hSF8dmDuz/006S aEXR6rgmO0FKkI7ra/MBAKBK1PhiHvCXFIt5UjxafXdTlz8ca9oSiBh5opA2oA2v =S3CV -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
