DNS Defence

DNSディフェンス

  The DNS system offered by Yoroi is "armed" through a complex network of Threat Intelligence. The DNS- Defence service is able to recognize whether a domain resolution is malicious or not because it is present or not within Yoroi's threat intelligence. In case the domain resolution turns out to be malicious, then the domain name desired by the victim is present within the threat intelligence with a high confidentiality and with a high "score" (compromise index), the DNS server does not resolve the domain name with the real IP address but resolves the latter through a pre-configured IP address (syncHoling technique) with controlled content thus avoiding the initiation of the malicious connection. DNS (Domain Name System), was originally developed as open protocol and, for this peculiarity, today has to be considered vulnerable to cyber attacks. To better understand the associated risks it is sufficient to remind the vulnerability areas to whom we are all subjected:


●   Footprinting: process potentially used by an attacker to learn the domain names, computer names and critical network resources IP addresses.
●   Denial of Service Attack: attempt to deny network services availability via recurrent queries to the principal network servers.
   
●   Data modification:: attempt by attackers who, after performing a successful footprint using DNS queries, try to use self generated IP packets to look like a valid network
   
●   Participant causing, potentially, huge damages or infections..
   
●   Redirection: Query redirection to servers controlled by the attacker in order to perform any possible malicious activity including, potentially, malware infiltration.


How threats are blocked 
Every real connection needs a domain resolution in order to pick up the IP address on which to set the communication itself. Nowadays more and more often DNS services are used by attackers to prevent the simple technology called "black list" from blocking their threat. Through FastFlux and Domain Name Generation Algorithm (DGA) techniques simultaneous attackers abuse the use of the DNS protocol (UDP 53) to bypass perimeter filters both in data transmission and data reception. The DNS Defence service blocks this resolution avoiding any type of connection to domains considered infected or infectious. For example, an infected host attempts to contact their C2 to send information and/or request actions to be taken on the victim. The connection by the victim takes place after the IP address of the public host to be contacted has been obtained. The DNS Defence Service is inserted in this phase by returning an IP address controlled by the defender thus preventing Malware activation.

Available filters
The Service offers DNS filters for the following categories:
●   Advertising
●   Search engines
●   News
●   Job hunting
●    Generic websites
●   Unwanted websites
●   Dangerous Websites (Also thanks to the Yoroi Threat Intel)
●   Social Networks
●   Technology
●   Messaging
●   Free time

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
pll_language		The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

DNS Defence

DNSディフェンス

How threats are blocked

Available filters

Subscribe to our early warning system