ABSTRACT
This project investigates the possibility of using the DNS (Domain Name System) protocol to communicate with a zombie host while avoiding detection by an IDS (Intrusion Detection System).
At present this communication is often carried over IRC (Internet Relay Chat). IRC is a chat protocol with a well-known port that is easily blocked by a firewall and a traffic pattern that raises many alerts on any available IDS. This does not happen with DNS, a protocol the whole Internet depends on to function. If somebody were able to communicate through DNS packets, that traffic would be almost invisible and harder to block than IRC.
The purpose of this project is to determine whether this is possible and, if so, to investigate how to make the DNS protocol safer.
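To show the kind of check an IDS could add for the DNS channel described above, here is an added detection heuristic (example code written for this page, not part of the project). It assumes a constructed log format of epoch, client, query name and record type, and approximates the registered domain as the last two labels.

```python
import math
from collections import defaultdict

# Constructed sample log lines (assumed format "<epoch> <client> <qname> <qtype>", not a real log);
# the example.org lines imitate a tunnel: long high-entropy labels and TXT/NULL record types.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.7 4f2a9c1e7b3d0a8e6f5c2b1d9e8a7c3f.t.example.org TXT
1700000003 10.0.0.7 9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e.t.example.org TXT
1700000004 10.0.0.7 0a1b2c3d4e5f60718293a4b5c6d7e8f9.t.example.org NULL
1700000005 10.0.0.7 fedcba9876543210abcdef0123456789.t.example.org TXT
1700000006 10.0.0.9 cdn.example.com A
"""

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def score_domains(log_text, min_queries=3, max_mean_len=30.0, max_entropy=3.5, max_rare_frac=0.5):
    """Aggregate queries per registered domain and flag those whose subdomains look like encoded data.
    The registered domain is approximated as the last two labels (assumption: no public-suffix list)."""
    agg = defaultdict(lambda: {"queries": 0, "len_sum": 0, "ent_sum": 0.0, "rare": 0})
    for line in log_text.splitlines():
        _ts, _client, qname, qtype = line.split()
        labels = qname.rstrip(".").split(".")
        dom, sub = ".".join(labels[-2:]), "".join(labels[:-2])  # sub: payload-carrying labels, dots removed
        a = agg[dom]
        a["queries"] += 1
        a["len_sum"] += len(sub)
        a["ent_sum"] += shannon_entropy(sub)
        a["rare"] += int(qtype in ("TXT", "NULL"))  # record types tunnels favour for bulky payloads
    flagged = {}
    for dom, a in agg.items():
        if a["queries"] < min_queries:  # too few queries to judge
            continue
        mean_len = a["len_sum"] / a["queries"]
        mean_ent = a["ent_sum"] / a["queries"]
        rare_frac = a["rare"] / a["queries"]
        if mean_len > max_mean_len or mean_ent > max_entropy or rare_frac > max_rare_frac:
            flagged[dom] = {"queries": a["queries"], "mean_sub_len": round(mean_len, 1),
                            "mean_entropy": round(mean_ent, 2), "rare_type_frac": round(rare_frac, 2)}
    return flagged
```

Thresholds are illustrative; a real deployment would baseline them per network, since CDNs and some anti-spam services also issue long or unusual queries.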
Index Terms
- DNS