Security Monitoring of DNS traffic
نویسنده
چکیده
The Domain Name System (DNS) is a critical part of the Internet. This paper analyzes methods for passive DNS replication and describes the replication setup at the University of Auckland. Analysis of the replicated DNS traffic showed great dependency of collaborative anti-spam tools on the DNS. These tools also put a great burden on the DNS. This paper discusses analyzed anomalies in the replicated DNS traffic: typo squatter and fast flux domains, private IP address space leaks and non recommended characters in DNS names. Future applications of passive DNS replication are also discussed.
منابع مشابه
Detecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملDetecting Malware Domains at the Upper DNS Hierarchy
In recent years Internet miscreants have been leveraging the DNS to build malicious network infrastructures for malware command and control. In this paper we propose a novel detection system called Kopis for detecting malware-related domain names. Kopis passively monitors DNS traffic at the upper levels of the DNS hierarchy, and is able to accurately detect malware domains by analyzing global D...
متن کاملHypervisor-based Security Architecture for Validating DNS Services (Poster)
Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Doman Name System (DNS) using a hypervisor base...
متن کاملDetection of DNS Traffic Anomalies in Large Networks
Almost every Internet communication is preceded by a translation of a DNS name to an IP address. Therefore monitoring of DNS traffic can effectively extend capabilities of current methods for network traffic anomaly detection. In order to effectively monitor this traffic, we propose a new flow metering algorithm that saves resources of a flow exporter. Next, to show benefits of the DNS traffic ...
متن کاملBotnet Detection Through Fine Flow Classification
The prevalence of botnets, which is defined as a group of infected machines, have become the predominant factor among all the internet malicious attacks such as DDoS, Spam, and Click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...
متن کامل