|
|
You are hereHome » NANOG Meeting Presentation Abstract
|
|
NANOG Meeting Presentation Abstract
| Passive Detection of Misbehaving Name Servers | | Meeting: | NANOG59 | |
| Date / Time: | 2013-10-07 3:00pm - 3:30pm
| |
| Room: | Akimel Ballroom 3 & 4 | |
| Presenters: | Speakers:
Jonathan Spring, Software Engineering Institute (CERT)Jonathan Spring is a member of the technical staff within the CERT(r) Division at Carnegie Mellon University's Software Engineering Institute, a federally-funded research and development center. In addition to his research and analysis role, Jonathan is an adjunct professor at the University of Pittsburgh's School of Information Sciences. He has also co-authored a textbook, "Introduction to Information Security: A Strategic-Based Approach." | |
| Abstract: | In this paper we demonstrate that there are name servers that exhibit IP address flux, a behavior that falls outside the prescribed parameters. We demonstrate this flux in two types of data: passively collected DNS messages and the contents of several large, top-level domains’ official zone files. The community of name server operators has previously indicated that there is no benign use case for such behavior and has attempted to quash it. The continued existence of such behavior is an indicator of malicious name server activity and the inadequacy of attempts to control it. | |
| Files: |  Passive Detection of Misbehaving Name Servers(PDF)
 Passive Detection of Misbehaving Name Servers
| |
| Sponsors: | None. | |
Back to NANOG59 agenda. NANOG59 Abstracts- Datacenter Track
Moderators:
Martin HanniganAkamai Technologies, Inc.; .Daniel Golding, Iron Mountain;
- Datacenter Track
Moderators:
Martin HanniganAkamai Technologies, Inc.; .Daniel Golding, Iron Mountain;
|
|
|
Media Releases
NANOG Meetings
