DEEPAV2: A DNS monitor tool for prevention of public IP DNS rebinding attack

Abstract

Domain Name Systems (DNS) play a vital role in the proper functioning of the internet Almost all internet applications rely on DNS for the name resolutions. The existing DNS infrastructure has a number of security vulnerabilities and it is prone to attacks such as DNS Cache Poisoning attack, DNS Rebinding attack. Flooding attack, etc. If a DNS server is compromised, it affects all the users of the internet, resulting in adverse effect In this paper the focus has been on the prevention of DNS Rebinding attack. The solution for detecting and preventing DNS rebinding attack has been incorporated into DEEP A1. The extended DEEPA, viz., DEEPAV2 tool, containing the enhanced packet analyzer, the traffic differentiator, and enhanced packet filter modules, detects and differentiates the abnormal group of activities in the DNS traffic caused by the public IP DNS rebinding attack which is the combination of classical DNS rebinding attack and Anti-DNS pinning attack. The DEEPAV2 effectively filters the DNS rebinding attack packets by deeply analyzing the DNS packets. As the DNS rebinding attack is prevented, the subsequent attacks such as pharming, phishing, click frauds, email spamming, etc., could be prevented.