Going Wild: Large-Scale Classification of Open DNS Resolvers

Authors: Marc Kührer, Thomas Hupperich, Jonas Bushart, Christian Rossow, Thorsten Holz

DOI: 10.1145/2815675.2815683

Abstract: Since several years, millions of recursive DNS resolvers are, deliberately or not, open to the public. This, however, is counter-intuitive, since operation such openly accessible necessary in rare cases only. Furthermore, open enable both amplification DDoS and cache snooping attacks, can be abused by attackers multiple other ways. We thus find remain one critical phenomenon on Internet. In this paper, we illuminate analyzing it from two different angles. On hand, study landscape based empirical data collected for over a year. analyze changes time classify according device type software version. take viewpoint client measure response authenticity these resolvers. Besides legitimate redirections (e.g., captive portals router login pages), deliberately manipulate resolutions (i.e., return bogus IP address information). To understand threat more detail, systematically non-legitimate responses reveal that censor communication channels, inject advertisements, serve malicious files, perform phishing, redirect kinds suspicious activities.
