DNS stands for Domain Name System. DNS is one of the most important parts of the internet. All the computers on the internet are connected to each other, each one has a unique IP address, and DNS maps domain names to those IP addresses. It is easier to remember and recall names than a bunch of numbers.

Whenever you try to browse a website such as asknetsec.com in a browser, the browser uses DNS to get the IP address of the website (for example http://45.76.161.5), then connects to that IP address and downloads the webpage.

DNS communication works in a client-server model, where the client is the computer that needs to resolve a domain name to an IP address and the server is a computer that holds the mappings from domain names to IP addresses.

A typical DNS transaction is made up of two packets: a request from the client to the server and a response from the server to the client. The request packet contains a DNS query for the domain name, and the response packet contains the answer to that query in the form of the IP address for the requested domain name.

Below are typical DNS request and response packets captured in Wireshark, which show more detail on the content of a DNS transaction.

DNS Query

[Image: DNS query packet]

DNS Response

[Image: DNS response packet]

The DNS query contains the domain name and DNS response contains the IP address associated with that domain name.

A new Android malware has been found by Trend Micro, which claims it is a successor to the DressCode malware found earlier.

This malware uses port 22 to establish an SSH session with its Command and Control (CnC) server, which is owned by the attacker.

As it uses SSH, all the data between the Android phone and its CnC server is encrypted, which makes it difficult for enterprise security infrastructure to detect it. Security solutions cannot inspect the data inside the encrypted connection unless they are doing Deep Packet Inspection of SSH traffic.

MilkyDoor Vulnerability

[Image: How MilkyDoor Malware Works]

Using this SSH session the attacker can run vulnerability scans on the internal network. This matters because many enterprises allow employees to use their own phones on the same network as the internal infrastructure.

MilkyDoor was recently found in over 200 Android applications available through the Play Store.

It is important for enterprise security gateway solutions to block all ports for the BYOD network except those that are necessary.

To find your public IP address from the command line (CLI), you can use the commands below on Linux and Windows operating systems.

Linux

curl icanhazip.com

curl canihazip.com/s

These two commands make a web request and show the IP address returned in the response.


dig myip.opendns.com. @resolver1.opendns.com +nocomments +noquestion +noauthority +noadditional +nostats | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"

This command runs a DNS query and shows the resolved IP address. The DNS query for myip.opendns.com. sent through the resolver1.opendns.com DNS resolver returns the public IP address from which the DNS query was sent.

Please note the period (.) at the end of myip.opendns.com.; this makes sure that no DNS suffix is appended to the query, so the query is absolute.
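The same lookup done by hand in Python, as an added example that is not part of the original post: it builds the DNS query packet described above, sends it to resolver1.opendns.com, and parses the A record out of the response. The SAMPLE_RESPONSE bytes and the 203.0.113.7 address in them are constructed for offline testing and are not real output.

```python
# Added example: hand-built DNS A query for myip.opendns.com. plus a response parser.
import socket
import struct

def build_query(name, txid=0x1234):
    # 12-byte header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME is length-prefixed labels ending in a zero byte; the trailing "." is stripped.
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    # Step over a name; a compression pointer (top two bits set) occupies 2 bytes.
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg, txid=0x1234):
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query (bad ID or QR bit)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):          # skip the echoed question section (name + type + class)
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):          # walk the answer resource records
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

# Constructed sample response: same question, one A answer of 203.0.113.7 (TEST-NET-3).
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   + build_query("myip.opendns.com.")[12:]
                   + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xcb\x00\x71\x07")

def public_ip(resolver="resolver1.opendns.com", timeout=3):
    # Live lookup: the answer is the source address the resolver saw the query come from.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query("myip.opendns.com."), (resolver, 53))
        data, _ = s.recvfrom(512)
    return parse_a_records(data)
```

Running parse_a_records(SAMPLE_RESPONSE) works offline; public_ip() needs UDP port 53 reachable to resolver1.opendns.com.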

Windows

nslookup myip.opendns.com. resolver1.opendns.com | find "Address"

This outputs two IP addresses; the second one is your public IP address (the first is the address of the resolver itself).