期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于DNS缓存中毒的Webmail攻击及防护 被引量:5

Attack and Defense of Webmail Based on DNS Cache Poisoning
下载PDF
导出
摘要 针对Webmail的特性,提出一种基于域名系统(DNS)缓存中毒(Cache Poisoning)的Web邮箱(Webmail)攻击技术,并对整个攻击流程进行描述,实现了对当前安全性较高的Live Mail的成功攻击,验证DNS Cache Poisoning潜在的危害性,提出相应的安全防护手段。 According to the characteristics of Webmail, this paper proposes a new attack method based on DNS Cache Poisoning, and presents an attacking framework. Experimental results show that it can attack Live Mail successfully, so it can testify the potential risk of DNS Cache Poisoning. Three methods are given to defense the attack.
作者 张红轻 王道顺
机构地区 清华大学计算机科学与技术系
出处 《计算机工程》 CAS CSCD 北大核心 2009年第4期125-127,共3页 Computer Engineering
关键词 域名系统 缓存中毒 WEB邮箱 攻击 DNS Cache Poisoning Webmail attack
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献9

  • 1Olzak T. DNS Cache Poisoning: Definition and Prevention[EB/OL]. (2006-03-02). http://www.infosecwriters.com.
  • 2Jackson C, Barth A, Bortz A, et al. Protecting Browsers from DNS Rebinding Attacks[C]//Proc. of the 14th ACM Conference on Computer and Communications Security. Alexandria, Virginia, USA: [s. n.], 2007.
  • 3Yuan Lihua, Kant K, Mohapatra P. DoX: A Peer'to-Peer Antidote for DNS Cache Poisoning Attacks[C]//Proc. of IEEE ICC'06. Istanbul, Turkey: [s. n.], 2006.
  • 4Martin J. Anti-DNS Pinning (DNS Rebinding)+Java in JavaScript: Online Demonstration[EB/OL]. (2007-02-16). http://www.jumperz. net.
  • 5Simo. Hotmail/MSN Cross Site Scripting Vulnerability[EB/OL]. (2006-08-15). http://seclists.org/fullclisclosure/20061Aug/0278.html.
  • 6Graham R, Maynor D. Data Seepage[EB/OL]. (2007-07-28). https:// www.blackhat.com/presentations/bh-dc-07/Maynor_Graham/Presen tation/bh-dc-07-Maynor_G-raham-up.pdf.
  • 7Pope M. Basics of Cookies in ASP.NET[EB/OL]. (2003-01-25). http://msdn2.microsoft.com/en-us/library/aa289495(vs.71 ).asp.
  • 8Stewart J. DNS Cache Poisoning-The Next Generafion[EB/OL]. (2007-08-25). http://www.secureworks.com/research/articles/dnscache-poisoning/.
  • 9Eastlake D. Domain Name System Security Extensions[EB/OL]. (1999-03-10). http://www.ietf.org/rfc/rfc2535.txt.

同被引文献34

  • 1陈秀真,郑庆华,管晓宏,林晨光.基于粗糙集理论的主机安全评估方法[J].西安交通大学学报,2004,38(12):1228-1231. 被引量:12
  • 2李艺,李新明,姜湘岗.基于Unix/Linux系统的软件脆弱性分类法[J].计算机工程,2005,31(6):4-6. 被引量:1
  • 3陈秀真,郑庆华,管晓宏,林晨光.层次化网络安全威胁态势量化评估方法[J].软件学报,2006,17(4):885-897. 被引量:342
  • 4Mahoney M V,Chan P K.PHAD:Packet Header Anomaly Detection for Identifying Hostile Network Traffic[Z].(2001-04-11).http://cs.fit.edu/-tr/.
  • 5Hanemann A,Schmitz D,Sailer M.A Framework for Failure Impact Analysis and Recovery with Respect to Service Level Agreements[C]//Proc.of IEEE International Conference on Services Computing.Piscataway,USA:IEEE Press,2005.
  • 6Danzig P B,Obraczka K,Kumar A.An Analysis of Wide-area Name Server Traffic[C]//Proc.of ACM SIGCOMM'92.[S.l.]:ACM Press,1992.
  • 7Roesch M,Green C.Snort Users Manual[EB/OL].(2003-04-08).http://www.snort.org/docs/snortman-ja.pdf.
  • 8Power R.Current and Future Danger:A CSI Primer of Computer Crime & Information Warfare[R].San Francisco,CA,USA:Computer Security Institute,Tech.Rep.:CSE-96-11,1996.
  • 9McGraw G,Felten E W.Java Security:Hostile Applets,Holes and Autidotes[M].New York,USA:John Wiley & Sons Inc.,1997.
  • 10Song Guangfeng,Mandujano S.CERIAS Classic Vulnerability Database User Manual[R].Chicago,USA:Purdue University,Tech.Rep.:CERIAS-TR-2000-17,2000.

引证文献5

二级引证文献5

计算机工程
2009年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部