1. ??DNS???????Botnet????
2. ?? ??
??
??
??
3. ???? ????(Botnet),?????????????,??????????? (bot??),??????????????????????????????????????
????????????,????????,?????????????,???????????????,????????????????????????????????
Bot??????????????90??,???Unix????Bot?1993??Eggdrop Bot,????IRC???????????1999?11????SubSeven 2.1???????IRC????????????,????IRC???bot??????,?GTBot?Sdbot?Agobot?,????IRC????????????2004????Phatbot?Agobot????,??????P2P???????????,????????????,????IRC ?????HTTP ?????AOL ?????P2P ?????
4. DNS?? ??????(DNS)????????????,???????????IP????,?Internet????????
5. DNS vs Botnet?? Botnet???????DNS??C&C???,????????????
6. ?
7. ?
8. ???? DNS Measurements at a Root Server
Brownlee, N., claffy, k., Nemeth, E.
GLOBECOM, 2001
Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data.
Yasuo Musashi, Ryuichi Matsuba, and Kenichi Sugitani.
SIGCOMM, 2005
Passive Monitoring of DNS Anomalies
Zdrnja, B., Brownlee, N., Wessels, D.
DIMVA Conference, 2007
9. ?? ??
??
??
??
10. DNS?????? ?DNS???????????????????
???????????DNS???????? ??
?????????DNS??
?????????????DNS?????????
11. ?????
12. ??? ??
??/??IP/???IP/??/????/????
Perl+MySQL
13. ???? ???DNS???
????????DNS????,???????(?10%)???????????DNS???
???????
?????????A,PTR??,?????MX???AXFR/IXFR?
14. ?????? Ripper
??????????????
??
?????????
????
????
15. ?? ??
??
??
??
16. ?? 2006?7?~2006?8?
??????180,000????,??????????,?300????????
17. ??????
18. DNS????????? ??NAT??
??????
19. ??