| NULL字符欺骗DNS监控系统的研究 |
| |
| 引用本文: | 章思宇,王鲁华,邹福泰.NULL字符欺骗DNS监控系统的研究[J].信息网络安全,2012(4):47-50. |
| |
| 作者姓名: | 章思宇 王鲁华 邹福泰 |
| |
| 作者单位: | 1. 上海交通大学信息安全工程学院,上海,200240
2. 国家计算机网络与信息安全管理中心,北京,100017 |
| |
| 基金项目: | 国家242信息安全计划资助项目[2011A004];信息网络安全公安部重点实验室开放课题[C11608] |
| |
| 摘 要: | DNS流量监测统计已广泛应用于互联网安全管理及研究。文章提出一种利用NULL字符欺骗DNS监控系统的方法,并实验验证了该方法利用的缺陷存在于Wireshark、Dnstop和Dsc流量分析软件,以及部分恶意代码沙盘分析系统及域名过滤设备中,并在隐藏恶意软件域名、DNS隐蔽通信流量中得到应用。
|
| 关 键 词: | 域名系统 网络监控 欺骗攻击 网络安全 |
Evading DNS Monitoring System with NULL Character |
| |
| ZHANG Si-yu
,
WANG Lu-hua
,
ZOU Fu-tai.Evading DNS Monitoring System with NULL Character[J].Netinfo Security,2012(4):47-50. |
| |
| Authors: | ZHANG Si-yu WANG Lu-hua ZOU Fu-tai |
| |
| Affiliation: | 1(1.School of Information Security,Shanghai Jiao Tong University,Shanghai 200240,China;2.National Computer Network and Information Security Administration Center,Beijing 100017,China) |
| |
| Abstract: | DNS traffic measurement is widely used in Internet security management and researches.This article proposed a method to evade DNS monitoring system with NULL character contained in domain names.Experiments confirmed that this vulnerability exists in traffic analysis software such as Wireshark,Dnstop and Dsc,as well as multiple malware sandbox analysis systems and domain filtering devices.Application of this method in concealing malicious domain names and DNS covert channels is also discussed. |
| |
| Keywords: | DNS network monitoring spoofing attack network security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
