Investigating DNS Hijacking Through High Frequency Measurements
General Material Designation
[Thesis]
First Statement of Responsibility
Braun, Benjamin
Subsequent Statement of Responsibility
Savage, Stefan
PUBLICATION, DISTRIBUTION, ETC
Name of Publisher, Distributor, etc.
UC San Diego
Date of Publication, Distribution, etc.
2016
DISSERTATION (THESIS) NOTE
Body granting the degree
UC San Diego
Text preceding or following the note
2016
SUMMARY OR ABSTRACT
Text of Note
Targeted security threats from resourceful adversaries have become a constant phenomenon on the Internet. One particularly effective attack vector is the Domain Name System (DNS). By compromising the DNS registrar, an attacker can manipulate arbitrary name records of the victim company, resulting in potential compromise of all incoming and internal emails, allowing for highly targeted phishing of login credentials, and a number of other attacks. This thesis examines the prevalence of such DNS hijackings through active scanning measurements of potentially targeted domains and companies.

As part of this work, we implemented and deployed a scanning infrastructure that queries domain name records of a large set of potential targets at high frequency. For further analysis, we also run scans of Transport Layer Security (TLS) certificates, as well as full website crawls when changes are detected.

Over a period of three months, this system collected measurements for 58,000 aerospace related domains. 86% of the scanned domains were stable over the entire measurement period and a majority of the observed DNS changes were caused by content delivery networks and load balancing. We searched this data for attacks using heuristics based on previous DNS hijacking attacks. Although, given our observations, we have not been able to detect ongoing attacks so far, we did observe some anomalies and unspecified behavior. The analysis also showed that short-lived changes occur frequently and we attempt to categorize these by potential causes. Finally, we discuss further improvements to better detect attacks in the future.
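The abstract describes sorting high-frequency DNS snapshots into stable domains, CDN/load-balancer churn, short-lived changes and candidate attacks. The following is an added illustration of that kind of change classification, written for this record; it is not code from the thesis and does not reproduce its heuristics. The scan log, the domain names (reserved .test names and RFC 5737 documentation addresses), the run-length thresholds and the "persistent NS/MX change to never-before-seen answers" review rule are all constructed assumptions for the example.

```python
"""Change classification for high-frequency DNS record snapshots.

Added example (not the thesis' code). It reads a constructed scan log of
"<poll> <domain> <rtype> <comma-separated answers>" lines, groups them per
(domain, rtype) and sorts each history into: stable, rotation among a
recurring answer pool (CDN / load balancing), short-lived change that
reverts, persistent change, or recent change too new to judge. Persistent
NS/MX changes to answers never seen before are flagged for review; that rule
and the thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from itertools import groupby

# Constructed sample scan log (reserved .test names, RFC 5737 addresses).
SAMPLE_LOG = """\
0 stable.test A 192.0.2.10
1 stable.test A 192.0.2.10
2 stable.test A 192.0.2.10
3 stable.test A 192.0.2.10
0 cdn.test A 198.51.100.1,198.51.100.2
1 cdn.test A 198.51.100.3,198.51.100.4
2 cdn.test A 198.51.100.1,198.51.100.2
3 cdn.test A 198.51.100.3,198.51.100.4
4 cdn.test A 198.51.100.1,198.51.100.2
0 blip.test MX mail.blip.test
1 blip.test MX mail.blip.test
2 blip.test MX relay.blip.test
3 blip.test MX mail.blip.test
4 blip.test MX mail.blip.test
0 victim.test NS ns1.victim-dns.test,ns2.victim-dns.test
1 victim.test NS ns1.victim-dns.test,ns2.victim-dns.test
2 victim.test NS ns1.attacker-dns.test,ns2.attacker-dns.test
3 victim.test NS ns1.attacker-dns.test,ns2.attacker-dns.test
4 victim.test NS ns1.attacker-dns.test,ns2.attacker-dns.test
5 victim.test NS ns1.attacker-dns.test,ns2.attacker-dns.test
6 victim.test NS ns1.attacker-dns.test,ns2.attacker-dns.test
0 recent.test A 203.0.113.5
1 recent.test A 203.0.113.5
2 recent.test A 203.0.113.9
"""


def parse_log(text):
    """Return {(domain, rtype): [answer_set, ...]} ordered by poll index."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        poll, domain, rtype, answers = line.split()
        rows.append((int(poll), domain, rtype, frozenset(answers.split(","))))
    rows.sort(key=lambda r: r[0])  # stable sort keeps per-domain order
    histories = defaultdict(list)
    for _, domain, rtype, answers in rows:
        histories[(domain, rtype)].append(answers)
    return dict(histories)


def classify(history, max_short_lived=2):
    """Classify one answer-set history (assumed threshold in polls)."""
    # Run-length encode consecutive identical answer sets.
    runs = [(ans, sum(1 for _ in grp)) for ans, grp in groupby(history)]
    if len(runs) == 1:
        return "stable"
    baseline = runs[0][0]
    occurrences = defaultdict(int)
    for ans, _ in runs:
        occurrences[ans] += 1
    if all(n >= 2 for n in occurrences.values()):
        return "rotation"          # every set recurs: CDN / load-balancer pool
    last_ans, last_len = runs[-1]
    if last_ans == baseline and all(
        length <= max_short_lived for ans, length in runs if ans != baseline
    ):
        return "short_lived"       # deviated briefly, then reverted
    if last_ans != baseline and last_len > max_short_lived:
        return "persistent_change"
    return "recent_change"         # changed too recently to judge


def review_flag(rtype, history):
    """Assumed hijack heuristic: persistent NS/MX change to never-seen answers."""
    if rtype not in ("NS", "MX") or classify(history) != "persistent_change":
        return frozenset()
    runs = [ans for ans, _ in groupby(history)]
    earlier = frozenset().union(*runs[:-1])
    return runs[-1] - earlier


def analyse(text):
    """Return {(domain, rtype): (category, flagged_answers)} for a scan log."""
    return {
        key: (classify(hist), review_flag(key[1], hist))
        for key, hist in parse_log(text).items()
    }


if __name__ == "__main__":
    for (domain, rtype), (cat, flagged) in sorted(analyse(SAMPLE_LOG).items()):
        note = f"  REVIEW new answers {sorted(flagged)}" if flagged else ""
        print(f"{domain:12} {rtype:3} {cat}{note}")
```

The rotation check treats any answer set that recurs as part of a legitimate pool, which is why the alternating cdn.test records are not flagged even though they change on every poll; a real deployment would also compare the new answers against the previously seen nameserver operators or ASNs before raising a review, and would feed the TLS certificate and crawl data the abstract mentions into the same decision.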