Ports Distribution Management for Privacy Protection inside Local Domain Name System

Authors: Fei Song, Wei Quan, Tianming Zhao, Hongke Zhang, Ziwei Hu

DOI: 10.1145/2995959.2995965

Keywords:

Abstract: Domain Name System (DNS) had been recognized as an indispensable and fundamental infrastructure of current Internet. However, due to the original design philosophy and easy access principle, one can conveniently wiretap DNS requests and responses. Such phenomenon is a serious threat for user privacy protection, especially when inside hacking takes place. Motivated by such circumstances, we proposed a ports distribution management solution to relieve potential information leakage inside local DNS. Users will be able to utilize pre-assigned port numbers instead of the default 53. The selection method at the server side and the interactive process with the corresponding end host are investigated. The necessary implementation steps, including modifications of the destination field, extension option usage, etc., are also discussed. A mathematical model is presented to further evaluate performance. Both the possible blocking probability and utilization are illustrated. We expect that this will be beneficial not only to users in security enhancement, but also to servers in resources optimization.
