DarkDNS: Revisiting the Value of Rapid Zone Update
CoRR(2024)
摘要
Malicious actors exploit the DNS namespace to launch spam campaigns, phishing
attacks, malware, and other harmful activities. Combating these threats
requires visibility into domain existence, ownership and nameservice activity
that the DNS protocol does not itself provide. To facilitate visibility and
security-related study of the expanding gTLD namespace, ICANN introduced the
Centralized Zone Data Service (CZDS) that shares daily zone file snapshots of
new gTLD zones. However, a remarkably high concentration of malicious activity
is associated with domains that do not live long enough make it into these
daily snapshots. Using public and private sources of newly observed domains to
identify this activity, we discover that even with the best available data
there is a considerable visibility gap. We find that the daily snapshots miss
at least 1
always registered with malicious intent. In reducing this critical visibility
gap using public sources of data, we demonstrate how more timely access to TLD
zone changes can help better prevent abuse. We hope that this work sparks a
discussion in the community on how to effectively and safely revive the concept
of sharing Rapid Zone Updates for security research.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要