Journal: 電子情報通信学会技術研究報告

Detection of NS Resource Record DNS Resolution Traffic, Host Search, and SSH Dictionary Attack Activities


Abstract

We performed an entropy study on the DNS query traffic from the Internet to the top domain DNS server in a university campus network from January 1st to March 31st, 2009. The results are as follows: (1) We observed a difference in the entropy changes among the total, the A, and the PTR resource record (RR) based DNS query traffic from the Internet from January 17th to February 1st, 2009. (2) We found a large volume of NS RR based DNS query traffic containing only the keyword "." in the total DNS query traffic from the Internet. (3) We also found that the unique source IP address based PTR DNS traffic entropy slightly increased, while the unique DNS query keyword based entropy drastically decreased, on March 9th, 2009. We found a specific IP host, an already-hijacked classical Linux PC, that carried out an SSH dictionary attack against Internet sites on March 9th, 2009. From these results, we can detect unusual NS RR based DNS traffic and SSH dictionary attacks by watching only the DNS query traffic from the Internet.