Jiang, Jian and Liang, Jinjin and Li, Kang and Li, Jun and Duan, Haixin and Wu, Jianping (2012) Ghost Domain Names: Revoked Yet Still Resolvable. In: The 19th Annual Network & Distributed System Security Symposium (NDSS 2012), 5-8 February 2012, San Diego, California, USA.
Download (542Kb) | Preview
Attackers often use domain names for various malicious purposes such as phishing, botnet command and control, and malware propagation. An obvious strategy for preventing these activities is deleting the malicious domain from the upper level DNS servers. In this paper, we show that this is insufficient. We demonstrate a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. Our experiments with 19,045 open DNS servers show that even one week after a domain name has been revoked and its TTL expired, more than 70% of the servers will still resolve it. Finally, we discuss several strategies to prevent this attack.
|Item Type:||Conference or Workshop Papers (Paper)|
|Subjects:||Q Science > Q Science (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > T Technology (General)
T Technology > TA Engineering (General). Civil engineering (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
|Divisions:||Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science|
|Depositing User:||Rebeca De Miguel|
|Date Deposited:||09 Mar 2012 15:33|
|Last Modified:||03 Dec 2014 08:45|
Actions (login required)