Sciweavers

NDSS
2008
IEEE

Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

14 years 6 months ago
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
We study and document an important development in how attackers are using Internet resources: the creation of malicious DNS resolution paths. In this growing form of attack, victims are forced to use rogue DNS servers for all resolution. To document the rise of this “second secret authority” on the Internet, we studied instances of aberrant DNS resolution on a university campus. We found dozens of viruses that corrupt resolution paths, and noted that hundreds of URLs discovered per week performed drive-by alterations of host DNS settings. We used the rogue servers discovered in this analysis to document numerous live incidents on the university network. To measure this problem on the larger Internet, we generated DNS requests to most of IPv4, using a unique label query for each request. We found 17 million hosts responding, and further tracked the resolution path they used to reach our NS. Unable to find plausible harmless explanations for such a large number of open recursive ho...
David Dagon, Niels Provos, Christopher P. Lee, Wen
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where NDSS
Authors David Dagon, Niels Provos, Christopher P. Lee, Wenke Lee
Comments (0)