Characterizing Dark DNS Behavior
نویسندگان
چکیده
Security researchers and network operators increasingly rely on information gathered from honeypots and sensors deployed on darknets, or unused address space, for attack detection. While the attack traffic gleaned from such deployments has been thoroughly scrutinized, little attention has been paid to DNS queries targeting these addresses. In this paper, we introduce the concept of dark DNS, the DNS queries associated with darknet addresses, and characterize the data collected from a large operational network by our dark DNS sensor. We discuss the implications of sensor evasion via DNS reconnaissance and emphasize the importance of proactive defense when deploying darknet sensors by properly delegating reverse DNS authority. Finally, we present honeydns, a tool that complements existing network sensors and low-interaction honeypots by providing simple DNS services.
منابع مشابه
The fate of Nissl-stained dark neurons following traumatic brain injury in rats: diVerence between neocortex and hippocampus regarding survival rate
We studied the fate of Nissl-stained dark neurons (N-DNs) following traumatic brain injury (TBI). N-DNs were investigated in the cerebral neocortex and the hippocampus using a rat lateral Xuid percussion injury model. Nissl stain, acid fuchsin stain and immunohistochemistry with phosphorylated extracellular signal-regulated protein kinase (pERK) antibody were used in order to assess posttraumat...
متن کاملThe effect of silver nanoparticles on apoptosis and dark neuron production in rat hippocampus
Objective(s):Silver nanoparticles (Ag-NPs) are used widely in bedding, water purification, tooth paste and toys. These nanoparticles can enter into the body and move into the hippocampus. The aim of this study was to investigate the neurotoxicity of silver nanoparticles in the adult rat hippocampus. Materials and Methods:12 male Wistar rats were randomly divided into two experimental and contro...
متن کاملDRAFT On Modern DNS Behavior and Properties
The Internet crucially depends on the Domain Name System (DNS) to both allow users to interact with the system in human-friendly terms and also increasingly as a way to direct traffic to the best content replicas at the instant the content is requested. While previous efforts have characterized DNS, the DNS ecosystem has evolved over time and this paper is therefore an initial study into the be...
متن کاملThe best bang for the byte: Characterizing the potential of DNS amplification attacks
DNS amplification has been instrumental in over 34% of high-volume network DDoS attacks, with some floods exceeding 300Gbps. Today’s best practices require Internet-wide cooperation and have been unable to prevent these attacks. In this work, we investigate whether these best practices can eliminate DNS amplification attacks and characterize what threats remain. In particular, we study roughly ...
متن کاملDNS Usage Mining Based on Clustering Analysis of Co-occurrence Patterns: Methods and Applications
The principal goal of DNS usage mining is the discovery and analysis of patterns in the query behavior of DNS users. In this paper, we develop a unified framework for DNS usage mining based on Clustering analysis of cooccurrence data derived from DNS server query data. Through transforming the raw query data into co-occurrence matrix, some clustering approaches and probabilistic inferences can ...
متن کامل