CAIDA: Cooperative Association for Internet Data Analysis
Passive Monitoring of DNS Anomalies

Abstract for "Passive Monitoring of DNS Anomalies" authored by Bojan Zdrnja, Nevil Brownlee, and Duane Wessels. Presented at the Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), vol. 4579, pp. 129-139, in 2007.

Bojan Zdrnja
University of Auckland, New Zealand

Nevil Brownlee
University of Auckland, New Zealand and
Cooperative Association for Internet Data Analysis - CAIDA
San Diego Supercomputer Center,
University of California, San Diego

Duane Wessels
The Measurement Factory, Inc.

We collected DNS responses at the University of Auckland Internet gateway in an SQL database, and analyzed them to detect unusual behaviour. Our DNS response data have included typo squatter domains, fast flux domains and domains being (ab)used by spammers. We observe that current attempts to reduce spam have greatly increased the number of A records being resolved. We also observe that the data locality of DNS requests diminishes because of domains advertised in spam.

Cooperative Association for Internet Data Analysis (CAIDA)
  Last Modified: Wed May-20-2009 9:34:40 PDT
  Page URL: http://www.caida.org/publications/papers/2007/dns_anomalies/index.xml