Measuring and detecting Fast-Flux service networks
Measuring and detecting Fast-Flux service networks | |
---|---|
Botnet | Storm |
Malware | Storm Worm |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2008 / |
Editor/Conference | University of Mannheim & Fraunhofer FIRST |
Link | http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf |
Author | Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix C. Freiling |
Type |
Abstract
“We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely known phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.”
Bibtex
@misc{2008BFR903,
  editor = {University of Mannheim \& Fraunhofer FIRST},
  author = {Thorsten Holz and Christian Gorecki and Konrad Rieck and Felix C. Freiling},
  title = {Measuring and detecting Fast-Flux service networks},
  date = {01},
  month = May,
  year = {2008},
  howpublished = {\url{http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf}},
}