Decode your DNS traffic to provide new insights into what’s happening on your business critical networks making for more efficient planning, more economic live operation and more effective decision-making.
Analysing your DNS traffic with turing begins with an overview window which shows a summary of your traffic. Traffic information is shown in a simple graphical format where the size and colour of each dot represents the query volume and the ratio of error responses for each time segment.
The overview window helps identify where the DNS traffic shows anomalies and these periods can then be investigated further using a traffic window. Information can be filtered according to data type and the time period visualised can be filtered from a month down to a single millisecond, allowing for detailed analysis of key points of interest.
Individual packet data can be clearly visualised and segmented with a simple colour-code to identify specific query/response types. Data sorting is made simple using assorted filters that can be used individually or in combination and interactive legends make this filtering simple and intuitive.
turing has been built specifically for dealing with DNS data using a bespoke patent-pending architecture that out-performs other Big Data alternatives.
turing has a purpose-built storage and retrieval system that means that manipulating vast quantities of data is simple and fast.
The system has been built using HTML5 which means it can be viewed on any browser on any device – so no need to invest in bespoke hardware. An intuitive touch and gesture based user interface helps you to easily interact with your data.
The solution also features a rich API so you can integrate the feed into other network management systems.
turing has been used to create a unique fingerprint that can quickly identify infection by a prevalent botnet. This was done by analysing spikes in MX responses and zeroing in on the characteristics of non-resolving requests, identifying and diagnosing spam patterns. With the ability to identify such infections almost immediately, this discovery can drastically reduce the amount of spam across name servers.
turing can identify latency issues that can result in crippling transmission and processing delays. By identifying and analysing re-query traffic, Nominet has pinpointed issues with specific servers so that solutions could be found.
turing has been used to isolate and analyse an increase in SERVFAIL responses, identifying that they were the result of non-protocol compliant, long domain names (255+ bytes). This was causing problems with Google’s Public DNS and also highlighted a hidden bug within BIND. Both problems have subsequently been resolved.
The processing power of turing enabled the identification of the Index Case of a particularly aggressive piece of malware by tracking back from infected machines which were using the Domain Generation Algorithm. This has enabled the prediction and identification of subsequent infections, severely limiting the spread of this particular malware.
Through analysis of source ports, turing can identify Kaminsky-style blind spoofing/caching attacks, detecting when resolvers are not choosing ports at random. By identifying non-random resolvers, Nominet has detected and prevented Man-in-the-middle attacks.