Analyzing Root DNS Traffic
Authors
Abstract
DNS servers often fail or have bad implementations of algorithms that decrease the efficiency of the DNS system. We introduce a method for clustering misconfigured DNS sources. Using machine learning methods, we analyzed 24 hours of DNS requests that were collected on the A-root DNS server. The 50 gigabyte data set was a log containing 10-40 million requests per hour. We selected the hour of 1:00-2:00am for a detailed analysis which found clusters using principal component analysis, k-means, and linear discriminant analysis. Our results showed 5 clusters of DNS sources that are somehow misconfigured. In this paper, we provide preliminary results that were validated via discussion with DNS system operators.
Similar resources
Two Days in the Life of the DNS Anycast Root Servers
The DNS root nameservers routinely use anycast in order to improve their service to clients and increase their resilience against various types of failures. We study DNS traffic collected over a two-day period in January 2006 at anycast instances for the C, F and K root nameservers. We analyze how anycast DNS service affects the worldwide population of Internet users. To determine whether clien...
Analyzing the Propagation of IoT Botnets from DNS Leakage
Mirai and Hajime are two large botnets that came to prominence in the Fall of 2016, notably due to Mirai’s launching of several large DDoS attacks. The propagation method of the two botnets is similar, drawing upon poor security measures in IoT devices. While reverse-engineering efforts have detailed the propagation logic, measuring the actual growth of each botnet remains difficult, with curren...
The Effect of DNS on Tor's Anonymity
Previous attacks that link the sender and receiver of traffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traff...
Analyzing the K-root DNS Anycast Infrastructure
K-root is one of the DNS root servers that make use of anycast. Anycast is used to scale the root servers and increase performance by spreading instances of the same server over different locations, at the cost of increased complexity. In this paper the anycast infrastructure of the K-root DNS server is analyzed in order to understand if the infrastructure provides optimal service to its client...
Detecting DNS Tunnels Using Character Frequency Analysis
High-bandwidth covert channels pose significant risks to sensitive and proprietary information inside company networks. Domain Name System (DNS) tunnels provide a means to covertly infiltrate and exfiltrate large amounts of information past network boundaries. This paper explores the possibility of detecting DNS tunnels by analyzing the unigram, bigram, and trigram character frequencies of do...