
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

Reporter: Jing Chiu. Adviser: Yuh-Jye Lee. Reference: Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. Authors: David Dagon, Niels Provos, Christopher P. Lee, and Wenke Lee.


Presentation Transcript


  1. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
     Reporter: Jing Chiu
     Adviser: Yuh-Jye Lee
     Data Mining & Machine Learning Lab

  2. Reference
     • Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
     • Authors: David Dagon, Niels Provos, Christopher P. Lee, and Wenke Lee.
     • Conference: Network and Distributed Security Symposium (NDSS) 2008.

  3. Outline
     • Introduction
     • Methodology
     • Analysis
     • Conclusion

  4. Introduction
     • DNS resolution path corruption
     • Rogue DNS service

  5. Methodology
     • Organizing IPv4 into a series of classful addresses
     • Using bogons list published by Team Cymru
     • Exclude U.S. Military and U.S. government
     • Design Query Pattern
       • Blowfish(IP).parentzone.example.com
     • Select 600,000 resolvers
       • 200,000 uniformly randomly from all resolvers
       • 200,000 from resolvers overlapped with contacting Google
       • 200,000 from IP addresses known infected by Storm bot
     • Ask these resolvers to resolve 84 different domains during 4 days

  6. Methodology (cont.)

  7. Analysis
     • Open resolvers found
       • 10.4 million – late August 2007
       • 10.5 million – early September 2007
       • Union of two sets: 17,365,759
       • 634,941 – January 2006

  8. Analysis (cont.)

  9. Analysis (cont.)

  10. Analysis

  11. Conclusion
     • DNSSEC
       • DNS with authority
     • Blocking
       • Block the remote DNS traffic
     • Recovery
       • After blocking or taking down the rogue DNS?

  12. Thanks for your attention
     • Questions?
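
The blocking step on slide 11 presupposes knowing which internal hosts already send DNS queries to remote resolvers. The following is an added example, not part of the presentation or the paper, that flags such hosts from flow records; the record format, the addresses and the approved-resolver list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only resolvers internal clients are permitted to query.
APPROVED_RESOLVERS = {
    ipaddress.ip_address("10.0.0.53"),
    ipaddress.ip_address("10.0.1.53"),
}

# Constructed flow records: "timestamp src_ip dst_ip proto dst_port".
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 10.0.5.20 10.0.0.53 udp 53
2024-01-01T10:00:02Z 10.0.5.21 203.0.113.7 udp 53
2024-01-01T10:00:03Z 10.0.5.21 203.0.113.7 tcp 53
2024-01-01T10:00:04Z 10.0.5.22 198.51.100.9 udp 53
2024-01-01T10:00:05Z 10.0.5.20 198.51.100.80 tcp 443
2024-01-01T10:00:06Z 10.0.0.53 192.0.2.1 udp 53
malformed line
"""


def find_remote_dns_clients(flow_text, approved=APPROVED_RESOLVERS):
    """Return {client_ip: sorted unapproved resolver IPs it sent DNS to}."""
    offenders = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, port = fields
        if port != "53" or proto not in ("udp", "tcp"):
            continue  # not classic DNS traffic
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable address
        if src_ip in approved:
            continue  # approved resolvers must reach authoritative servers
        if dst_ip not in approved:
            offenders[str(src_ip)].add(str(dst_ip))
    return {client: sorted(dsts) for client, dsts in offenders.items()}


if __name__ == "__main__":
    for client, resolvers in find_remote_dns_clients(SAMPLE_FLOWS).items():
        print(f"{client} queried unapproved resolver(s): {', '.join(resolvers)}")
```

Hosts reported here are the ones whose resolver settings should be inspected before remote DNS is blocked, since blocking alone leaves them unable to resolve names. Port-53 flow data does not cover DNS carried over TLS or HTTPS.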
