Investigating DNS Hijacking Through High Frequency Measurements
General material designation
[Thesis]
Name of first author
Braun, Benjamin
Names of other contributors
Savage, Stefan
Publication, distribution, etc.
Name of publisher, distributor, etc.
UC San Diego
Date of publication, distribution, etc.
2016
Notes relating to dissertations (theses)
Degree-granting body
UC San Diego
Text rating
2016
Notes relating to summary or abstract
Text of note
Targeted security threats from resourceful adversaries have become a constant phenomenon on the Internet. One particularly effective attack vector is the Domain Name System (DNS). By compromising the DNS registrar, an attacker can manipulate arbitrary name records of the victim company, resulting in potential compromise of all incoming and internal emails, allowing for highly targeted phishing of login credentials, and a number of other attacks. This thesis examines the prevalence of such DNS hijackings through active scanning measurements of potentially targeted domains and companies. As part of this work, we implemented and deployed a scanning infrastructure that queries domain name records of a large set of potential targets at high frequency. For further analysis, we also run scans of Transport Layer Security (TLS) certificates, as well as full website crawls when changes are detected. Over a period of three months, this system collected measurements for 58,000 aerospace related domains. 86% of the scanned domains were stable over the entire measurement period and a majority of the observed DNS changes were caused by content delivery networks and load balancing. We searched this data for attacks using heuristics based on previous DNS hijacking attacks. Although, given our observations, we have not been able to detect ongoing attacks so far, we did observe some anomalies and unspecified behavior. The analysis also showed that short-lived changes occur frequently and we attempt to categorize these by potential causes. Finally, we discuss further improvements to better detect attacks in the future.
Personal name as main entry heading - (primary intellectual responsibility)