DocumentCode
607989
Title
Passive OS Fingerprinting by DNS Traffic Analysis
Author
Matsunaka, Takashi ; Yamada, Akimasa ; Kubota, Ayumu
Author_Institution
KDDI R&D Labs. Inc., Saitama, Japan
fYear
2013
fDate
25-28 March 2013
Firstpage
243
Lastpage
250
Abstract
In this paper, we propose a new passive OS fingerprinting method which only requires DNS traffic analysis. The method utilizes characteristics of DNS queries specific to each OS, e.g., unique domain names, query patterns, time interval, etc. The method can estimate the number of devices with each OS from the number of queries by utilizing the characteristics of the time interval patterns. The method considers the likelihood of irregular events in which some queries are sent at less than regular time intervals, and some other queries are sent at more than regular time intervals. We analyze DNS traffic sent by each OS and extract the characteristics for OS fingerprinting. Then, we examine our estimation method by using DNS traffic in our intra-network. According to our examination, some results of our estimation method are close to the results of DHCP fingerprinting.
Keywords
Internet; operating systems (computers); query processing; telecommunication traffic; DHCP fingerprinting; DNS queries; DNS traffic analysis; intranetwork; network traffic; operating systems; passive OS fingerprinting method; query patterns; time interval; time interval patterns; unique domain names; Androids; Estimation; Fingerprint recognition; Humanoid robots; IP networks; Monitoring; Servers; Passive OS fingerprinting; Traffic analysis
fLanguage
English
Publisher
IEEE
Conference_Titel
Advanced Information Networking and Applications (AINA), 2013 IEEE 27th International Conference on
Conference_Location
Barcelona
ISSN
1550-445X
Print_ISBN
978-1-4673-5550-6
Electronic_ISBN
1550-445X
Type
conf
DOI
10.1109/AINA.2013.119
Filename
6531762