MiND : Misdirected DNS packet Detector
In this paper, the authors present MiND, a tool to detect DNS packet indirection attacks within an Autonomous System (AS). MiND uses a name server database to detect misdirected DNS queries by examining only the network layer information. The name server database uses publicly available DNS PTR and NS records to populate itself. The validity and authenticity of name server information is ensured through continuous updates. Using their tool, they detect the presence of malicious domains within their autonomous system. Their analysis using MiND results in a false positive rate of less than 0.8%, with improved query verification latency when compared to prior solutions. They deploy MiND as an online analysis tool without requiring significant infrastructure upgrade or coordination from different entities.
Provided by: Texas A&M University Topic: Security Date Added: Jul 2011 Format: PDF