IP Traceback Using DNS Logs against Bots

Author

Takemori, Keisuke ; Fujinaga, Masahiko ; Sayama, Toshiya ; Nishigaki, Masakatsu

Author_Institution

KDDI R&D Labs. Inc., Fujimino

fYear

2008

fDate

13-15 Oct. 2008

Firstpage

84

Lastpage

89

Abstract

Source IP spoofing attacks are critical issues to the Internet. These attacks are considered to be sent from bot infected hosts. There has been active research on IP traceback technologies. However, the traceback from an end victim host to an end spoofing host has not yet been achieved, due to the lack of traceback probes installed on each routing path. There is a need to replace alternative probes in order to reduce the installation cost. In this research, we propose an IP tracking scheme against bots using the DNS logs. Many types of bots retrieve IP addresses from fully qualified domain names (FQDNs) at the beginning of communication. The proposed scheme checks from the destination to the source DNS logs, in order to extract the bots. Also, we propose means to distinguish spoofing from non-spoofing attacks, and how to obtain reliable of tracking results. We collect bot communication patterns to confirm that the DNS log can be used for reasonable probes and for achieving a high tracking success rate.

Keywords

IP networks; Internet; invasive software; telecommunication network routing; telecommunication security; DNS log; IP traceback technology; Internet; bot communication pattern; bot infected host; fully qualified domain name; routing path; source IP spoofing attack; Application software; Cities and towns; Computer science; Costs; Internet; Laboratories; Privacy; Probes; Research and development; Routing; Bot; DNS log; IP spoofing attack; IP traceback;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and its Applications, 2008. CSA '08. International Symposium on

Conference_Location

Hobart, ACT

Print_ISBN

978-0-7695-3428-2

Type

conf

DOI

10.1109/CSA.2008.43

Filename

4654066