Software Engineering Institute | Carnegie Mellon University

Technical Report

Passive Detection of Misbehaving Name Servers

  • Abstract

    In the process of categorizing malicious domains, distinguishing between suspicious and benign name servers can allow the name servers themselves to be acted against. Name servers do not normally change internet protocol (IP) addresses frequently. Domains that do change IP addresses quickly or often are said to exhibit IP flux, which can allow services, such as web pages that deliver malicious content, to circumvent defenders' attempts to block their IP addresses. IP flux in a name server's domain may be a sign that the name server is suspicious. This report demonstrates that name-server flux exists and is ongoing. Furthermore, there are two types of data that can reveal IP flux in domain name system (DNS) servers: passively collected DNS messages and the contents of several large, top-level domains' official zone files. 

Cite This Report

SEI

Metcalf, Leigh; & Spring, Jonathan. Passive Detection of Misbehaving Name Servers (CMU/SEI-2013-TR-010). Software Engineering Institute, Carnegie Mellon University, 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=65269

IEEE

Metcalf, Leigh, and Spring, Jonathan, "Passive Detection of Misbehaving Name Servers," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2013-TR-010, 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=65269

APA

Metcalf, Leigh, & Spring, Jonathan. (2013). Passive Detection of Misbehaving Name Servers (CMU/SEI-2013-TR-010). Retrieved December 20, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=65269

CHI

Leigh Metcalf, & Jonathan Spring. Passive Detection of Misbehaving Name Servers (CMU/SEI-2013-TR-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2013. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=65269

MLA

Metcalf, Leigh, & Spring, Jonathan. 2013. Passive Detection of Misbehaving Name Servers (Technical Report CMU/SEI-2013-TR-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=65269