Ghost Domain Names: Revoked Yet Still Resolvable
Date
2012-02-05
Abstract
Attackers often use domain names for various malicious purposes such as phishing, botnet command and control, and malware propagation. An obvious strategy for preventing these activities is deleting the malicious domain from the upper level DNS servers. In this paper, we show that this is insufficient. We demonstrate a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers. Our experiments with 19,045 open DNS servers show that even one week after a domain name has been revoked and its TTL expired, more than 70% of the servers will still resolve it. Finally, we discuss several strategies to prevent this attack.
Subject
Q Science::Q Science (General)
Q Science::QA Mathematics::QA75 Electronic computers. Computer science
T Technology::T Technology (General)
T Technology::TA Engineering (General). Civil engineering (General)
T Technology::TK Electrical engineering. Electronics Nuclear engineering