{"title":"通过域名系统的信息泄露","authors":"S. Rose, R. Chandramouli, A. Nakassis","doi":"10.1109/CATCH.2009.10","DOIUrl":null,"url":null,"abstract":"The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack since it provides the route map for reaching any resource (e.g., hosts) in any organization irrespective of its geographical and network location. An attacker can query an organization’s DNS as reconnaissance before attacking hosts on a particular network. To minimize the chances of these attacks succeeding, the administrator of an organization’s DNS (called the zone administrator), has various counter measures options in the form of content control, configuration, protocols, operational and infrastructure protection methods. In this paper, we analyze these and discuss the ireffectiveness and limitations.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"328 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Information Leakage through the Domain Name System\",\"authors\":\"S. Rose, R. Chandramouli, A. Nakassis\",\"doi\":\"10.1109/CATCH.2009.10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack since it provides the route map for reaching any resource (e.g., hosts) in any organization irrespective of its geographical and network location. An attacker can query an organization’s DNS as reconnaissance before attacking hosts on a particular network. To minimize the chances of these attacks succeeding, the administrator of an organization’s DNS (called the zone administrator), has various counter measures options in the form of content control, configuration, protocols, operational and infrastructure protection methods. In this paper, we analyze these and discuss the ireffectiveness and limitations.\",\"PeriodicalId\":130933,\"journal\":{\"name\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"volume\":\"328 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATCH.2009.10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
摘要
DNS (Domain Name System)是网络资源的全局查找服务。它通常是Internet事务和网络攻击的第一步,因为它提供了到达任何组织中的任何资源(例如,主机)的路由图,而不考虑其地理位置和网络位置。攻击者在攻击特定网络中的主机之前,可以通过查询组织的DNS进行侦察。为了最大限度地减少这些攻击成功的机会,组织的DNS管理员(称为区域管理员)具有多种应对措施选项,包括内容控制、配置、协议、操作和基础设施保护方法。本文对此进行了分析,并讨论了其有效性和局限性。
Information Leakage through the Domain Name System
The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack since it provides the route map for reaching any resource (e.g., hosts) in any organization irrespective of its geographical and network location. An attacker can query an organization’s DNS as reconnaissance before attacking hosts on a particular network. To minimize the chances of these attacks succeeding, the administrator of an organization’s DNS (called the zone administrator), has various counter measures options in the form of content control, configuration, protocols, operational and infrastructure protection methods. In this paper, we analyze these and discuss the ireffectiveness and limitations.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
