[iagox86]

Hey, I'm the guy who wrote this slide deck.

You're absolutely right - as I replied to the parent, this talk has nothing to do with DNSSec, it wouldn't affect this one way or the other.

I also didn't find any great tools for finding anomalous DNS activity, but I didn't look that hard either - I wanted to get the basic functionality written before I started looking at evasion.

The traffic is definitely unusual as-is (I could make it much more discreet, but WAY slower - dnscat1 had those options), and there are definitely techniques to detect it, but I'm not sure what tools could be used.

Sorry for the useless response :)