IMDEA Networks Institute Publications Repository

Ghost Domain Names: Revoked Yet Still Resolvable

Jiang, Jian and Liang, Jinjin and Li, Kang and Li, Jun and Duan, Haixin and Wu, Jianping (2012) Ghost Domain Names: Revoked Yet Still Resolvable. In: The 19th Annual Network & Distributed System Security Symposium (NDSS 2012), 5-8 February 2012, San Diego, California, USA.

[img]
Preview
PDF
Download (542Kb) | Preview

Abstract

Attackers often use domain names for various malicious purposes such as phishing, botnet command and control, and malware propagation. An obvious strategy for preventing these activities is deleting the malicious domain from the upper level DNS servers. In this paper, we show that this is insufficient. We demonstrate a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. Our experiments with 19,045 open DNS servers show that even one week after a domain name has been revoked and its TTL expired, more than 70% of the servers will still resolve it. Finally, we discuss several strategies to prevent this attack.

Item Type: Conference or Workshop Papers (Paper)
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > T Technology (General)
T Technology > TA Engineering (General). Civil engineering (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science
Depositing User: Rebeca De Miguel
Date Deposited: 09 Mar 2012 15:33
Last Modified: 03 Dec 2014 08:45
URI: http://eprints.networks.imdea.org/id/eprint/200

Actions (login required)

View Item View Item