Revealing Botnet Membership Using DNSBL Counter-Intelligence

Botnets, networks of (typically compromised) machines, are often used for nefarious activities (e.g., spam, click fraud, denial-of-service attacks). Identifying members of botnets could help stem these attacks, but passively detecting botnet membership (i.e., without disrupting the operation of the botnet) proves to be difficult. This paper studies the effectiveness of monitoring lookups to a DNS-based blackhole list (DNSBL) to expose botnet membership. The authors perform counter-intelligence based on the insight that botmasters themselves perform DNSBL lookups to determine whether their spamming bots are blacklisted.

Provided by: Georgia Institute of Technology
Topic: Security
Date Added: Jan 2012
Format: PDF
