"Investigating DNS Hijacking Through High Frequency Measurements"
Braun, Benjamin
Savage, Stefan
Document Type: Latin Dissertation
Language of Document: English
Record Number: 905468
Doc. No: TL8tm5c7r7
Main Entry: Braun, Benjamin
Title & Author: Investigating DNS Hijacking Through High Frequency Measurements / Braun, Benjamin; Savage, Stefan
College: UC San Diego
Date: 2016
student score: 2016
Abstract:
Targeted security threats from resourceful adversaries have become a constant phenomenon on the Internet. One particularly effective attack vector is the Domain Name System (DNS). By compromising the DNS registrar, an attacker can manipulate arbitrary name records of the victim company, resulting in potential compromise of all incoming and internal emails, allowing for highly targeted phishing of login credentials, and a number of other attacks. This thesis examines the prevalence of such DNS hijackings through active scanning measurements of potentially targeted domains and companies.

As part of this work, we implemented and deployed a scanning infrastructure that queries domain name records of a large set of potential targets at high frequency. For further analysis, we also run scans of Transport Layer Security (TLS) certificates, as well as full website crawls when changes are detected.

Over a period of three months, this system collected measurements for 58,000 aerospace related domains. 86% of the scanned domains were stable over the entire measurement period and a majority of the observed DNS changes were caused by content delivery networks and load balancing. We searched this data for attacks using heuristics based on previous DNS hijacking attacks. Although, given our observations, we have not been able to detect ongoing attacks so far, we did observe some anomalies and unspecified behavior. The analysis also showed that short-lived changes occur frequently and we attempt to categorize these by potential causes. Finally, we discuss further improvements to better detect attacks in the future.
Added Entry: Savage, Stefan
Added Entry: UC San Diego