Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : papers : 2007 : dns_anomalies
Passive Monitoring of DNS Anomalies
B. Zdrnja, N. Brownlee, and D. Wessels, “Passive Monitoring of DNS Anomalies'', in Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA) 2007, Lucerne, Switzerland, Jul 2007, vol. 4579, pp. 129--139, Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA) 2007.
|  View full paper:    PDF    |  View citation:    BibTeX  |

Passive Monitoring of DNS Anomalies

Bojan Zdrnja 3
Nevil Brownlee 1, 3
Duane Wessels 2
1

CAIDA,San Diego Supercomputer Center,University of California, San Diego

2

The Measurement Factory, Inc.

3

University of Auckland, New Zealand

We collected DNS responses at the University of Auckland Internet gateway in an SQL database, and analyzed them to detect unusual behaviour. Our DNS response data have included typo squatter domains, fast flux domains and domains being (ab)used by spammers. We observe that current attempts to reduce spam have greatly increased the number of A records being resolved. We also observe that the data locality of DNS requests diminishes because of domains advertised in spam.

  Last Modified: Mon Oct-13-2014 16:36:18 PDT
  Page URL: http://www.caida.org/publications/papers/2007/dns_anomalies/index.xml