Title :
Information Leakage through the Domain Name System
Author :
Rose, Scott ; Chandramouli, Ramaswamy ; Nakassis, Anastase
Author_Institution :
Nat. Inst. for Stand. & Technol., Gaithersburg, MD
Abstract :
The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack since it provides the route map for reaching any resource (e.g., hosts) in any organization irrespective of its geographical and network location. An attacker can query an organization's DNS as reconnaissance before attacking hosts on a particular network. To minimize the chances of these attacks succeeding, the administrator of an organization's DNS (called the zone administrator) has various countermeasure options in the form of content control, configuration, protocols, operational and infrastructure protection methods. In this paper, we analyze these and discuss their effectiveness and limitations.
Keywords :
Internet; protocols; telecommunication network routing; telecommunication security; DNS; Internet transaction; content control; domain name system; global lookup service; information leakage; network attack; network resource; network routing; protocol; zone administrator; Computer security; Counting circuits; Domain Name System; File servers; IP networks; Network servers; Protection; Reconnaissance; Terrorism; Web server; DNSSEC; Domain Infrastructure Security; Domain Name System;
Conference_Title :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
DOI :
10.1109/CATCH.2009.10