Malformed request and Domain Generation Algo Detection

Any plans to enhance the Pi-hole feature set with malformed DNS query detection/prevention and domain generation algorithm detection? Maybe a categorization engine of some type?

Please elaborate on what you would like to see exactly to avoid any misunderstandings early on.

  • malformed DNS query detection/prevention
    Malformed packets that cannot be parsed are discarded. This fact is logged. There may be edge cases where this is not working as you expect - do you have any examples for us?
  • domain generation algorithm detections / categorization engine
    What you imply involves some very heavy computing as differentiating auto-generated phrases from human-generated phrases quickly becomes very tricky when you look at other languages next to English which will make perfectly valid human-provided domains. We will also need some examples and more reasoning for why it'd be useful to invest all this work to get a justification.

Agree with Dan. Newly registered domains could be assessed; there are passive DNS services that might be used to glean this information, and it would significantly enhance threat defense. Newly registered domains are relatively common sources of malicious emergent content. There are a variety of DNS tampering methods, including DNS tunneling, that should be detected in the logs. Malformed, to me, would be atypical DNS queries that could be identified by Bayesian baselines or deep learning. These are typically accelerated by using chipsets now available in Intel and ARM CPUs.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.