Modeling DNS agility with DNSMap

Author

Berger, A. ; Gansterer, Wilfried N.

Author_Institution

FTW Telecommun. Res. Center Vienna, Vienna, Austria

fYear

2013

fDate

14-19 April 2013

Firstpage

387

Lastpage

392

Abstract

More and more Internet services are hosted by Content Distribution Networks or Cloud operators. Often, IP addresses are reused for several services, and the mapping between domain names and IPs has become highly agile. This complicates the analysis of monitoring data, as it is not clear anymore which IP address represents which service at which time. We propose a system that continuously monitors this activity using captured DNS packets in a large network. Thereby we are able to (i) understand the allocation strategies inside a hosting provider, and (ii) report significant changes that are not due the normal agility of a particular service. We evaluate our system using a 2-weeks data set from a large network operator, and demonstrate how it can be used to find malicious sites.

Keywords

IP networks; Internet; computer network security; resource allocation; DNS agility modeling; DNS packets; DNSMap; IP addresses; Internet services; allocation strategies; cloud operators; content distribution networks; domain names; hosting provider; large network operator; malicious sites; Blogs; Merging; Quality of service; World Wide Web;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on

Conference_Location

Turin

Print_ISBN

978-1-4799-0055-8

Type

conf

DOI

10.1109/INFCOMW.2013.6562862

Filename

6562862