poster

DNS: (do not suspect)

Author:
Fernando Seror Garcia

Chicago, IL

Chicago, IL
View Profile

RIIT '13: Proceedings of the 2nd annual conference on Research in information technologyOctober 2013Pages 53–54https://doi.org/10.1145/2512209.2512222

Published:01 October 2013Publication History

RIIT '13: Proceedings of the 2nd annual conference on Research in information technology

Pages 53–54

ABSTRACT

This project investigates the possibility of using the DNS (Domain Name System) protocol to communicate with a zombie host while avoiding detection by an IDS (Intrusion Detection System).

Right now this communication is often made through the IRC (Internet Relay Chatroom) protocol. IRC is used for chat rooms with a known port easily blocked with a firewall and a pattern that raises a lot of alerts on any IDS available. This does not happen with DNS, which is a protocol used for the well-functioning of the whole Internet. If somebody was able to communicate through DNS packets it would result almost invisible and harder to block that IRC.

The purpose of this project is to address the possibility of doing this and if so, to investigate how to make the DNS protocol safer.

References

Multiple RFCs (Request For Comments): http://www.ietf.orgGoogle Scholar
Security by Default (Spanish blog). About DNS tunneling: http://www.securitybydefault.com/2010/01/tunelizando-dns-otra-opcion-con-iodine.htmlGoogle Scholar
Snort (installation and usage): http://www.snort.org/ & https://help.ubuntu.com/community/SnortIDSGoogle Scholar
Icann (Internet Corporation for Assigned Names and Numbers): http://www.icann.orgGoogle Scholar
OpenDNS: http://www.opendns.comGoogle Scholar

Index Terms

DNS: (do not suspect)
1. Networks
  1. Network protocols
    1. Protocol correctness
      1. Protocol testing and verification

Recommendations

Identifying botnets by capturing group activities in DNS traffic

Botnets have become the main vehicle to conduct online crimes such as DDoS, spam, phishing and identity theft. Even though numerous efforts have been directed towards detection of botnets, evolving evasion techniques easily thwart detection. Moreover, ...
Read More
Correlation Analysis between Spamming Botnets and Malware Infected Hosts
SAINT '11: Proceedings of the 2011 IEEE/IPSJ International Symposium on Applications and the Internet

Many of recent cyber attacks are being launched by botnets for the purpose of carrying out large-scale cyber attacks such as spam emails, Distributed Denial of Service (DDoS), network scanning and so on. In many cases, these botnets consist of a lot of ...
Read More
The Next Malware Battleground: Recovery After Unknown Infection

Malware has become a natural aspect of Internet computing due to the imperfectness of systems that identify malware and prevent their installation. Our ability to control the volume of unwanted and malicious traffic on the Internet—the spam messages, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
RIIT '13: Proceedings of the 2nd annual conference on Research in information technology
October 2013
102 pages
ISBN:9781450324946
DOI:10.1145/2512209
General Chair:
William D. Armitage
University of South Florida, USA
,
Program Chairs:
Rob Friedman
University of Washington Tacoma, USA
,
Ken Baker
CH Mack, USA
Copyright © 2013 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 October 2013
Check for updates
Author Tags
botnet
dns
irc
malware
Qualifiers
- poster
Conference

Acceptance Rates
RIIT '13 Paper Acceptance Rate12of24submissions,50%Overall Acceptance Rate51of116submissions,44%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 211
  Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

DNS: (do not suspect)

RIIT '13: Proceedings of the 2nd annual conference on Research in information technology

ABSTRACT

References

Cited By

Index Terms

Recommendations

Identifying botnets by capturing group activities in DNS traffic

Correlation Analysis between Spamming Botnets and Malware Infected Hosts

The Next Malware Battleground: Recovery After Unknown Infection