DNSハニーポットによる不正活動観測(セキュリティ,一般)

Presentation	2013/7/11 Observing Malicious Activities with DNS Honeypot DAISUKE MAKITA, KATSUNARI YOSHIOKA, TSUTOMU MATSUMOTO,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Domain Name System (DNS) plays an important role to map domain names to their information such as IP addresses on the Internet. Meantime, DNS is also abused for malicious activities. Especially, DNS cache servers which allow recursive queries from anywhere on the Internet (Open Resolver) are abused as steppingstones for DNS amplification attacks, a type of DDoS attacks. In this paper, we propose a method for observing malicious activities that abuse DNS servers. In this method, we prepare several monitoring points on the Internet, run a dummy DNS server as a honeypot at each point, observe and analyze malicious activities from their traffic. As a result of long-term evaluation experiment in ISP networks, we confirm that out method can observe a series of suspicious activities that appear to be related to DNS amplification attacks.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)
Paper #	Vol.2013-CSEC-62 No.54,Vol.2013-SPT-6 No.54
Date of Issue

Paper Information
Registration To	Social Implications of Technology and Information Ethics (SITE)
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Observing Malicious Activities with DNS Honeypot
Sub Title (in English)
Keyword(1)
1st Author's Name	DAISUKE MAKITA
1st Author's Affiliation	Yokohama National University()
2nd Author's Name	KATSUNARI YOSHIOKA
2nd Author's Affiliation	Yokohama National University
3rd Author's Name	TSUTOMU MATSUMOTO
3rd Author's Affiliation	Yokohama National University
Date	2013/7/11
Paper #	Vol.2013-CSEC-62 No.54,Vol.2013-SPT-6 No.54
Volume (vol)	vol.113
Number (no)	136
Page	pp.pp.-
#Pages	8
Date of Issue