90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!
'ipconfig /displaydns' display over 200 DNS unrecognized, should we worry
We are having a problem with a connection and came upon recommended task where we were instructed to run the line "ipconfig /displaydns". This displayed a series of sites unrecognized to us.
The result showed over 200 DNS and with the list actual sites and IPs. The sites are in line "Record Name . . . . . :" and "CNAME Record . . . . : ", the IPs are in line "A (Host) Record . . . :".
For example:
and
So we wanted to know,
The result showed over 200 DNS and with the list actual sites and IPs. The sites are in line "Record Name . . . . . :" and "CNAME Record . . . . : ", the IPs are in line "A (Host) Record . . . :".
For example:
in.greta.io
----------------------------------------
Record Name . . . . . : in.greta.io
Record Type . . . . . : 1
Time To Live . . . . : 41482
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 35.186.212.13
and
p2-eiiarhhxducde-vnxdzw56kwg3gh6t-299593-i1.stbcast3-stb.metric.gstatic.com
----------------------------------------
Record Name . . . . . : p2-eiiarhhxducde-vnxdzw56kwg3gh6t-299593-i1.stbcast3-stb.metric.gstatic.com
Record Type . . . . . : 1
Time To Live . . . . : 79151
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 216.239.32.62
So we wanted to know,
- what is causing this?
- should we worry?
- what should we do?
Asked:
5-
4
3
4 Solutions
Even during the most simple browsing session, your browser fires away countless of cloud based services (be it Google, ad services or content delivery networks). In your case, those are still normal requests you make on a more busy website (news outlet or such).
Understood and gives a relief.
However, if we were check them out, recommended steps you guys recommend?
However, if we were check them out, recommended steps you guys recommend?
Would require extreme knowledge of all hosts. I know in.greta.io is checking for CDN, while gstatic is Google owned. For you to do that, takes you a lot of time to find out, making it a 24/7 job to keep up with all the hostnames used every day.
You could use some algorithm to lessen the load as times go by (slowly whitelisting the known ones), but still requires a lot of time.
You could use some algorithm to lessen the load as times go by (slowly whitelisting the known ones), but still requires a lot of time.
Ok, prior closing the question, can you suggest some of "bit more research"? (just a little to direct us the right way)
It depends on what kind of research you want to do. If you are just concerned about browser activity then something like Privacy Badger (from the EFF https://www.eff.org/privacybadger) or uBlock Origin can do logging and blocking and show you a lot of resources that are being pulled from. You can also hit F12 when in your browser and you can explore all the elements.
More in depth would be to use wireshark on your computer and filter by DNS...
But if you're looking for general security knowledge then I have to say that the landscape is always changing. Following blogs or podcasts is how I keep up with it.... as best I can.
More in depth would be to use wireshark on your computer and filter by DNS...
But if you're looking for general security knowledge then I have to say that the landscape is always changing. Following blogs or podcasts is how I keep up with it.... as best I can.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
This course teaches how to install and configure Windows Server 2012 R2. It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
As an example, this Experts Exchange page here is pulling from the following domains when looking at the stats in my browser:
www.experts-exchange.com
cdn.experts-exchange.com
expertsexchange.112.2o7.ne
filedb.experts-exchange.co
And I'm using uBlock Origin so this is going to be greatly reduced.