When civil investigators and law enforcement officers aggressively pursue and takedown cyber criminal enterprises, that undertaking should be subject to an important limitation: their online operations must be narrowly and precisely targeted so as to avoid harming innocent third parties.
For example, when evaluating an abused domain name for seizure, investigators need to ensure that innocent third parties are not also using that domain.In his presentation, I will provide an overview of Passive DNS and how it can help investigators to reduce or eliminate collateral damage during takedowns, thereby avoiding negative publicity and potentially costly settlements.
Dr. Paul Vixie is the CEO of Farsight Security. He previously served as President, Chairman and Founder of Internet Systems Consortium (ISC), as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He served on the ARIN Board of Trustees from 2005 to 2013, and as Chairman in 2008 and 2009. Vixie is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC). Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8, and he hired many of the people who wrote BIND 9. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). He earned his PhD from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC).