Passive DNS has the potential to assist various IT security roles, including Penetration Testers.  Take a look at the highlights below to get a clear understanding of how Passive DNS can provide you with deeper insights into the security of the networks you are evaluating.

Search for all the DNS records relating to the subnets of the domain you are investigating, to highlight what different functions the servers are being used for.  Things to look out for:

  • A host named “firewall.yourcustomerdomain.com” suggests a high likelihood that this is the firewall, allowing you to select the relevant testing tools you should be using on this type of domain.
  • A host named “webdevel.anothersite.com” is likely to be a domain where development is run from, and could yield some interesting penetration results.
  • Look for any IP addresses running live versions of outdated software – this has the potential to increase the attack surface.

Using the information gathered in the above steps, you may uncover subnets which exist as part of the infrastructure, which you weren’t aware of, but are of interest to you. Use Passive DNS to drill down into the newly discovered networks.

Related Products

DNS Firewall Threat Feeds

Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.

These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.

  • Reduce IT costs
  • Set and forget
  • Save money on risk insurance

Resources

Passive DNS – Spamhaus’ newest release

27 May 2019

Blog

This is a simple to use, effective and fast investigation tool. With all the expected features of Passive DNS, and some unique features including ‘Fuzzy’ search to make investigating easier. Want to find out more?…

What is Passive DNS? A beginner’s guide

13 August 2018

Blog

Understand how Passive DNS is changing the way Security and Marketing professionals operate when it comes to identifying cyber threats and fraud.

Ways to use Passive DNS: Brand Protection Specialist

13 August 2018

Blog

Read how Passive DNS can help organizations uncover spoofed domains that can potentially damage their brand reputation.