Title page for 975202001


Student Number 975202001
Author Tien-hao Tsai
Author's Email Address 975202001@cc.ncu.edu.tw
Statistics This thesis has been viewed 936 times and downloaded 15 times.
Department Computer Science and Information Engineering
Year 2009
Semester 2
Degree Master
Type of Document Master's Thesis
Language English
Title DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
Date of Defense 2010-06-30
Page Count 28
  • botnet
  • cache poisoning
  • DNS
  • Abstract In this paper, we propose a network-based solution, DNSPD, to defend an organization against the notorious DNS cache poisoning attack. DNS cache poisoning has been used to attack DNS servers since 1993 [1]. Through this type of attack, an attacker can change the IP address of a domain name to any IP address of her/his choosing. Because an attacker cannot obtain the transaction number and port number of a DNS query sent by a DNS resolver, in order to forge the related DNS response with a prepared IP address, the attacker needs to send many fake DNS responses to the resolver, and all the fake DNS messages may have the same IP address. Based on this observation, DNSPD solves DNS cache poisoning by detecting, recording, and confirming the IP addresses appearing in the contents of fake DNS replies. As a result, DNSPD can not only block DNS cache poisoning attacks but also identify the malicious hosts to which attackers plan to redirect target hosts' traffic. Usually these malicious hosts are botnet members and are used as phishing sites; hence, identifying these bots and disconnecting traffic to them can provide further protection to the hosts in a network. Besides, through the use of Bloom Counter [2] and host confirmation, DNSPD maintains its detection accuracy even when it is bombarded with a tremendous number of fake DNS replies. Experimental results show that, with low performance overhead, DNSPD can accurately block DNS cache poisoning attacks and detect the related bots.
    Table of Contents I. Introductions
    II. DNS Background
    2.1 DNS Concepts
    2.2 DNS Query
    2.3 DNS Message Format
    2.4 DNS Cache Poisoning
    III. Related Work
    3.2 Google method
    3.4 Client side
    IV. The Design
    4.1 DNS resolver
    4.2 Analysis Crawler
    V. Implementation
    5.1 DNS resolver
    5.3 Analysis Crawler
    VI. Analysis
    VII. Evaluation & Discussion
    VIII. Future Work
    Reference [1] Christoph Schuba, "ADDRESSING WEAKNESSES IN THE DOMAIN NAME SYSTEM PROTOCOL", Master's thesis, Purdue University Department of Computer Sciences, (August 1993)
    [2] L. Fan, P. Cao, J. Almeida, and A. Z. Broder. "Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol." IEEE/ACM Transactions on Networking, Volume 8, Issue 3, Pages: 281–293, (June 2000).
    [3] Dan Kaminsky, "Black Ops 2008: It's The End of The Cache As We Know It," Black Hat USA 2008 presentation, (Aug. 2008).
    [4] A. Hubert, R. van Mook, "Measures for Making DNS More Resilient against Forged Answers," RFC 5452, (Jan. 2009).
    [5] P. Mockapetris, "DOMAIN NAMES - CONCEPTS AND FACILITIES," RFC 1034, (November 1987)
    [6] P. Mockapetris, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION," RFC 1035, (November 1987)
    [7] DNSSEC: DNS Security Extensions Securing the Domain Name System. http://www.dnssec.net/
    [8] R. Arends, R. Austein, M. Larson, D. Massey, S. Rose, "DNS Security Introduction and Requirements," RFC 4033, (Mar. 2005)
    [9] Andrew Kalafut, Minaxi Gupta, "Pollution Resilience for DNS Resolvers", IEEE ICC, Dresden, Pages: 281–293, (June 2009).
    [10] Hung-Min Sun, Wen-Hsuan Chang, Shih-Ying Chang, and Yue-Hsun Lin, "DepenDNS: Dependable Mechanism against DNS Cache Poisoning", Lecture Notes in Computer Science, Volume 5888, Pages: 174–188, (2009)
    [11] Fu-hau Hsu, Chang-kuo Tso, "A Browser-side Solution to Drive-by-Download-Based Malicious Web Pages", Master's thesis, National Central University, (2009)
    [12] Fu-hau Hsu, Chuan-sheng Wang, "Shark: Phishing Information Recycling from Spam Mails", Master's thesis, National Central University, (2010)
    [13] Alexa Top 500 Global Sites. http://www.alexa.com/topsites
    [14] US-CERT, "Multiple DNS implementations vulnerable to cache poisoning", Vulnerability Note VU#800113 (July, 2008)
  • Fu-Hau Hsu
  • Files
  • 975202001.pdf
  • disapprove authorization
    Date of Submission 2010-07-01
