MiND: Misdirected DNS Packet Detector

S. Yadav and A.L.N. Reddy (USA)


Database, DNS, Indirection, MiND, Poisoning


In this paper, we present MiND, a tool to detect DNS packet indirection attacks within an autonomous system (AS). MiND uses a name server database to detect misdi rected DNS queries by examining only the network layer in formation. The name server database uses publicly available DNS PTR and NS records to populate itself. The validity and authenticity of name server information is ensured through continuous updates. Using our tool, we detect the presence of malicious domains within our autonomous system. Our analysis using MiND results in a false positive rate of less than 0.8%, with improved query verification latency when compared to prior solutions. We deploy MiND as an online analysis tool without requiring significant infrastructure up grade or coordination from different entities.

Important Links:

Go Back