DocumentCode :
2259005
Title :
Statistical study of unusual DNS query traffic
Author :
Romana, Dennis Arturo Ludena ; Musashi, Yasuo ; Nagatomi, Hirofumi ; Sugitani, Kenichi
Author_Institution :
Kumamoto Univ., Kumamoto
fYear :
2007
fDate :
17-19 Oct. 2007
Firstpage :
592
Lastpage :
595
Abstract :
We statistically investigated on the unusual big DNS resolution traffic toward the top domain DNS server from a university local campus network in April 11th, 2006. The following results are obtained: (1) In April 11th, the DNS query traffic includes a lot of fully qualified domain names (FQDNs) of several specific Web sites as name resolution keywords. (2) Also, the DNS query traffic includes a plenty of source IP addresses of PC clients. Usually, we can observe the source IP addresses of E-mail and/or Web servers in the usual DNS query traffic, mainly. From this point, it can be concluded that the PC clients are probably infected with bot worms (BWs) and they have tried to crash the top domain DNS server.
Keywords :
Internet; query processing; telecommunication traffic; E-mail; PC clients; Web servers; Web sites; bot worms; domain DNS server; fully qualified domain names; source IP addresses; unusual DNS query traffic; unusual big DNS resolution traffic; Information technology;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications and Information Technologies, 2007. ISCIT '07. International Symposium on
Conference_Location :
Sydney,. NSW
Print_ISBN :
978-1-4244-0976-1
Electronic_ISBN :
978-1-4244-0977-8
Type :
conf
DOI :
10.1109/ISCIT.2007.4392087
Filename :
4392087
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2259005
بازگشت