Description
A network management system (NMS) is a vital tool in a corporate network. It ensures that Quality of Service (QoS) policies are correctly applied, but it can also significantly improve network security by preventing attacks and blocking the ongoing actions of attackers in enterprise networks. The present work describes an implementation of an out-of-band NMS whose primary purpose is to detect and block ongoing Domain Name System (DNS) exfiltration attacks launched from other hosts in the network. Its secondary purpose is to adjust the QoS policies of the other devices in the network by manipulating the Differentiated Services (DiffServ) field of IP packets. The solution is implemented with the SharpPcap framework for automated packet processing, with the intention of releasing the system as open source for further development. An experimental setup was created in which a network tap duplicates traffic to an out-of-band monitoring device. The experimental results show that the solution is effective in detecting dictionary-based DNS exfiltration attacks and succeeds in blocking the attacker from the network.
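As an added illustration of the two mechanisms the abstract describes, the following example (written for this page, not the authors' SharpPcap implementation, and in Python rather than C#) parses DNS queries captured out of band, scores each query name with exfiltration heuristics, counts suspicious queries per source host and zone, and rewrites the DSCP bits of an IPv4 header with the checksum recomputed. The thresholds, the hypothetical `exfil.example` zone, the sample IPv4 header and the sample "secret" being exfiltrated are all assumptions constructed for the example; the paper's own detection criteria are not reproduced here.

```python
"""Added example (not the paper's code): DNS exfiltration scoring over parsed
DNS queries plus DSCP rewriting on an IPv4 header. All thresholds and sample
traffic below are assumptions made for illustration."""
import math
import struct
from collections import Counter, defaultdict

# --- DNS message helpers ---------------------------------------------------

def build_dns_query(qname, txid=0x1234):
    """Encode a minimal standard query (QTYPE A, QCLASS IN). Used only to
    construct sample traffic for this example."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the first question name of a DNS message (the UDP payload)."""
    off, labels = 12, []
    while True:
        n = payload[off]
        if n == 0:
            break
        if n & 0xC0:                      # compression is not valid in a question
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)

# --- Per-query features ----------------------------------------------------

def shannon_entropy(s):
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def exfil_score(qname, zone_labels=2):
    """Heuristic score: data-carrying subdomains tend to be long, high-entropy
    and digit-heavy. The thresholds are assumptions, not the paper's values."""
    sub = qname.split(".")[:-zone_labels]      # labels under the registered zone
    text = "".join(sub)
    score = 0
    if len(qname) > 52:
        score += 1
    if max((len(l) for l in sub), default=0) > 30:
        score += 1
    if shannon_entropy(text) > 3.5:
        score += 1
    if sum(ch.isdigit() for ch in text) > 0.25 * max(len(text), 1):
        score += 1
    return score

# --- Per-host decision -----------------------------------------------------

class ExfilDetector:
    """Counts suspicious queries per (source host, zone); a host is marked for
    blocking once it exceeds `limit` suspicious queries towards one zone."""
    def __init__(self, score_threshold=2, limit=3):
        self.score_threshold = score_threshold
        self.limit = limit
        self.hits = defaultdict(int)
        self.blocked = set()

    def observe(self, src_ip, dns_payload):
        qname = parse_qname(dns_payload)
        if exfil_score(qname) >= self.score_threshold:
            zone = ".".join(qname.split(".")[-2:])
            self.hits[(src_ip, zone)] += 1
            if self.hits[(src_ip, zone)] > self.limit:
                self.blocked.add(src_ip)   # hand-off point to the enforcement device
        return src_ip in self.blocked

# --- DiffServ rewrite ------------------------------------------------------

def ip_checksum(hdr):
    """RFC 1071 ones-complement sum over an IPv4 header (even length)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def set_dscp(packet, dscp):
    """Return a copy of an IPv4 packet with the DSCP bits of the DS field
    replaced (ECN bits kept) and the header checksum recomputed."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = ((dscp & 0x3F) << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

# Constructed sample traffic (not from the paper's testbed): two benign lookups
# and a hex-encoded "secret" split into 20-byte chunks, one per query label.
SECRET = b"employee=jdoe;ssn=123-45-6789;card=4111111111111111;" * 3
BENIGN = [build_dns_query(n) for n in ("www.example.com", "mail.example.com")]
EXFIL = [build_dns_query("%02d.%s.exfil.example" % (i, SECRET[i * 20:(i + 1) * 20].hex()))
         for i in range(5)]
# 20-byte IPv4 header (checksum zeroed as a placeholder) plus a dummy payload.
SAMPLE_IPV4 = bytes.fromhex("4500003c1c46400040110000c0a8000ac0a80001") + b"\x00" * 40

def run_demo():
    det = ExfilDetector()
    for p in BENIGN:
        det.observe("10.0.0.5", p)
    flagged = [det.observe("10.0.0.7", p) for p in EXFIL]
    return det.blocked, flagged

if __name__ == "__main__":
    print(run_demo())
    print(set_dscp(SAMPLE_IPV4, 46)[:20].hex())   # DSCP 46 (EF) applied
```

In an out-of-band deployment the detector only sees a copy of the traffic, so `ExfilDetector.blocked` is a decision that has to be pushed to an in-line device (a firewall rule or switch ACL), and `set_dscp` models the packet rewrite that an in-line QoS device would perform; neither is applied to the mirrored copy itself.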