DNSBotnet

1. ??DNS???????Botnet????

2. ?? ?? ?? ?? ??

3. ???? ????(Botnet),?????????????,??????????? (bot??),?????????????????????????????????????? ????????????,????????,?????????????,???????????????,???????????????????????????????? Bot??????????????90??,???Unix????Bot?1993??Eggdrop Bot,????IRC???????????1999?11????SubSeven 2.1???????IRC????????????,????IRC???bot??????,?GTBot?Sdbot?Agobot?,????IRC????????????2004????Phatbot?Agobot????,??????P2P???????????,????????????,????IRC ?????HTTP ?????AOL ?????P2P ????? ????????????,????????,?????????????,???????????????,???????????????????????????????? Bot??????????????90??,???Unix????Bot?1993??Eggdrop Bot,????IRC???????????1999?11????SubSeven 2.1???????IRC????????????,????IRC???bot??????,?GTBot?Sdbot?Agobot?,????IRC????????????2004????Phatbot?Agobot????,??????P2P???????????,????????????,????IRC ?????HTTP ?????AOL ?????P2P ?????

4. DNS?? ??????(DNS)????????????,???????????IP????,?Internet????????

5. DNS vs Botnet?? Botnet???????DNS??C&C???,????????????

6. ?

7. ?

8. ???? DNS Measurements at a Root Server Brownlee, N.claffy, k.Nemeth, E. GLOBECOM, 2001 Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data. Yasuo Musashi, Ryuichi Matsuba, and Kenichi Sugitani. SIGCOMM , 2005 Passive Monitoring of DNS Anomalies Zdrnja, B. Brownlee, N.Wessels, D. DIMVA Conference, 2007

9. ?? ?? ?? ?? ??

10. DNS?????? ?DNS??????????????????? ???????????DNS???????? ?? ?????????DNS?? ?????????????DNS?????????

11. ?????

12. ??? ?? ??/??IP/???IP/??/????/???? Perl+MySQL

13. ???? ???DNS??? ????????DNS????,???????(?10%)???????????DNS??? ??????? ?????????A,PTR??,?????MX???AXFR/IXFR?

14. ?????? Ripper ?????????????? ?? ????????? ???? ????

15. ?? ?? ?? ?? ??

16. ?? 2006?7?~2006?8? ??????180,000????,??????????,?300????????

17. ??????

18. DNS????????? ??NAT?? ??????

19. ??