Manuscript Prep Instructions - Core Security
DISPOSABLE DOMAINSYizheng Chen, Manos Antonakakis, Wenke LeeGeorgia Institute of TechnologyAbstractIn recent years DNS has been increasinglyleveraged to build and scale highly reliablenetwork infrastructures. In this paper, we willintroduce and analyze a new class ofdomains, which we refer to as disposabledomains. Disposable domains appear to beheavily employed by common Internetservices (i.e., Search Engines, SocialNetworks, Online Trackers etc.), and theyseem to be automatically generated. They arecharacterized by a “one-time use” pattern,and appear to be used as a way of“signaling” via DNS. While this is yetanother “creative” use of the DNS to enablenew Internet applications and efficient scalingof services, little do we know about the sizeand DNS caching properties of this family ofdomains.To shed light on the pervasiveness andgrowth of disposable domains, we present astudy of their characteristics based on liveDNS traffic observed at Comcast, in a citythat serves millions of end users. We foundthat disposable domains increased from23.1% to 27.6% in all queried domain names,and from 27.6% to 37.2 % among all resolveddomain names daily, and more than 60% ofall distinct resource records observed daily inmodern DNS traffic are related to disposabledomains. We discuss the possible negativeimplications that disposable domains mayhave on the DNS caching infrastructure,resolvers validating DNSSEC transactions,and passive DNS data collection systems.INTRODUCTIONDomain Name System was originallydesigned for mapping a human-friendlydomain name to a machine-readable IPaddress. Over the years, people have usedDNS in new ways to make their services moreagile and scalable. However, they all hadunanticipated and sometimes negative impactas the following three examples shows.The first example is using DNS to select aContent Delivery Network (CDN) server thatis closest to client. When a CDN sees a DNSrequest for content, it will return a CDNserver IP address that is closest to therequester IP, and with small load at the time.Since what CDN sees is the IP address of theDNS server that user’s machine is configuredto, not the user’s IP address, the effectivenessof such approach depends on how close usersare to their local DNS servers. Researchers [1]have shown that 64% of associations of user’sand the local DNS server’s IP addresses are inthe same Autonomous System. However, only16% of associations are in the same networkaware clusters, from the perspective of BGProutes. The second example is browserprefetching to speed up webpage loadingperformance [2]. When a user is enteringsearch queries, the browser will look upunfinished search queries as possible domainnames and pre-resolve all the domain namesbefore user finishes typing. The design ofprefetching is used for web objects as well, tominimize the delay user perceives whilebrowsing. However, an unanticipated negativeimpact from that is DNS prefetching couldpotentially leak user’s privacy by exposingthe search terms in just the DNS queries. Thelast example is NXDOMAIN redirection fordisplaying commercials. Parked domains areoften redirected to advertisement pages tomonetize existing users for the old domainname. The practice of doing that was called“DNS lie” [3] [4]. It has always beencontroversial of whether ISPs should do that,since advertisement page is not the page usersintend to look for.
Figure 1. Three examples of disposable domain names from eSoft, McAfee, and Google.As the Internet has evolved over the years,more service providers, such as popularsearch engines, social networks, and onlinetrackers, began to use a new class of domainnames, that we call disposable domains.Disposable domains almost seem to be anatural result of people seeking even moreagility and scalability for their Internetservices. Using disposable domains, serviceproviders don’t need to set up any dedicatedinfrastructure for their service, but to simplyoverload DNS with customized protocols. Wewill discuss the properties of this new class ofdomain names, specifically focusing on theiralgorithmically-generated zone structures andtheir low cache hit rates obtained from acluster of recursive DNS resolvers operatedby Comcast, a large north-American ISP.very costly for ISPs in a DNSSEC-enabledrecursive environment. Lastly, disposabledomains increase the storage requirement forpassive DNS data collection systems, andcould potentially degrade database querylatency.This increase in use of disposable domainsmay have unanticipated negative effects onday-to-day DNS operations for large ISPs. Forinstance, a large number of DNS requests fordisposable domains could fill up the cache ofrecursive DNS resolvers. Such an event maycause premature cache evictions of nondisposable domains, which would degradeDNS service for the ISP. In turn, thesepremature evictions may inflate the trafficbetween the DNS resolvers and authoritativename servers, a phenomenon that could beMINING DISPOSABLE DOMAINSIn the rest of the paper, we will first showsome examples of disposable domains anddiscuss their properties. Then we will providesupporting evidence on how disposabledomains are currently used by large serviceproviders. Lastly, we will discuss possiblenegative implications that the growth indisposable domains may have on the DNScaching infrastructure, DNSSEC-validatingresolvers, and passive DNS data collectionsystems.In this section we will define disposabledomain names and we will provide some realworld examples of their use in case studies.Then, we will discuss the prevalence ofdisposable domains. We define disposabledomain names as successfully resolveddomain names that have the followingproperties:
1). Their name strings are automaticallygenerated.2). The median cache hit rate for the resourcerecords of child domain names under a zonethat facilitates disposable domain names islow or close to zero. In other words, theresource records under that particular zone areonly observed once, or a handful of times,when they are in the recursive DNS servers’cache.domains are zero. On the other hand, cache hitrates of non-disposable domains follow acloser to linear cumulative distribution, andthe median cache hit rate would be around40%. In general, resource records ofdisposable domain names are used only onceor up to a few times while they are in therecursive cache, which results in the overalllow cache hit rate distribution for domainsunder disposable zones.Measurement ResultsCase StudiesFigure 1 shows three examples of what wedefine as disposable domain names. TheeSoft (i) domain names are used as a storagecommunication channel that reports CPUload, machine up time, memory usage andswap disk usage. The McAfee [5] (ii) domainnames are used for file reputation queries onbehalf of McAfee’s Global Threat IntelligenceFile reputation Service. This is yet anothercase of using the DNS as an informationstorage communication channel. Lastly,Google’s IPv6 experiment domains [6] (iii)are queried by browsers of selected users thatperform cryptographically signed backgroundrequests after receiving their search results.The background requests record IPv4 andIPv6 addresses, image request latency, andUser-Agent strings.Examining the zone structures from Figure2 shows that 1) disposable domain names tendto have same number of periods (“.”), 2) atcertain places between two periods, the labelsare “random-looking”. The structure propertyreflects how zone operators parse and usedifferent parts of disposable domains fordifferent purposes or transfer differentinformation, by using algorithm-generatedstrings.In addition to zone structural properties,disposable domains typically have very low orsometimes zero cache hit rates. Usually, over90% of cache hit rates from disposableWe built a disposable domain minersystem to automatically mine disposabledomains. The technical details of our systemcan be found in [7]. Over the period of a year,we found 14,488 zones that use disposabledomains, with a confidence of more than90%. Disposable domains are used by variousindustries, including popular websites (e.g.,Google, Microsoft), Anti-Virus companies(e.g., McAfee, Sophos, Sonicwall, Mailshell),DNSBLs (e.g., Spamhaus, countries.nerd.dk),social networks (e.g., Facebook, Myspace),streaming services (e.g., Netflix), P2Pservices (e.g., Skype), cookie trackingservices (e.g., Esomniture, 2o7.net), adnetworks(e.g.,AdSense,BluelinkMarketing), e-commerce business (e.g.,Paypal, ClickBank), etc.Disposable domains are not only widelyused currently, but are also increasingly beingused. For unique domains being queried byclients, the percentage of disposable domainsincreased from 23.1% to 27.6%. Also, of thedaily resolved unique domains the percentage of disposable domains grew from 27.6%to 37.2% over the year of 2011. From trafficduring 11/28/2011 to 12/10/2011, we observethat the number of new disposable domainsseen every day is always high, around 5million to 7 million. However, the number ofnew non-disposable domains dropped from 13million to 1.6 million. So after one day, morethan 50% of new domains seen daily aredisposable, and after 13 days, more than 80%
of new domains seen daily are disposable,since new disposable domains are constantlygenerated. Moreover, the volume of uniquedisposable resource records daily increasedfrom 8,111,274 (02/01/2011) to 29,738,493(12/30/2011), during which 33,704,127 wereobserved on 11/14/2011. The percentage ofdaily unique disposable RRs increased from38.3% to 65.5%.DISCUSSIONIn this section, we will discuss possiblenegative effects of using disposable domains.We will discuss their impact on DNScaching, DNSSEC-enabled resolvers, andpassive DNS databases, so that the operationalcommunity can anticipate them and planahead in case changes to current DNSoperations are needed.DNS CachingAs disposable domains are increasinglyused, the cache of recursive DNS servers maybe filled up with entries that are highlyunlikely to be reused. Assuming a typicalLeast Recently Used cache implementationwith fixed memory allocation, during periodsof heavy load, queries to disposable domainsmay cause some useful non-disposabledomains to be prematurely evicted from thecache. In turn, this may have the effect ofunfairly inflating the traffic between the DNSresolvers and the authoritative name serversresponsible for the evicted non-disposabledomains, thus increasing the query-responselatency.DNSSECThere will inevitably be more pressure onvalidating resolvers when DNSSEC becomesmore widely deployed. Validating signedresponses requires higher CPU usage, andincreased memory needs due to DNSSECspecifications [8] [9] [10]. Disposabledomains will naturally, and potentiallydramatically, increase this pressure onvalidating resolvers. In fact, each querieddisposable domain may require an additionalsignature validation whose result will neverbe reused. Also, the cache must not only storethe disposable RRs, but also their signatures.This problem may be mitigated in part if theauthoritative servers responsible for thedisposable zones register disposable domainsunder a single signed wildcard domain, fromwhich the disposabledomains aresynthesized.pDNS-DBPassive DNS database systems (pDNSDBs) have recently been adopted by computersecurity and networking communities as aninvaluable tool to analyze security incidents,monitor and troubleshoot DNS operations,and develop dynamic reputation systems [11][12]. Disposable domains have the effect ofincreasing pDNS-DB storage requirements,and potentially their query-response latency,depending on the implementation. In fact, wefound that after bootstrapping a pDNS-DBwith 13 days of resolution traffic, 88% of allunique resource records in the database aredisposable, and new RRs related to disposabledomains make up more than 94% of all thenew distinct RRs observed daily. The problemcan be mitigated by filtering disposabledomains and storing a single wildcard domainin the pDNS-DB.REFERENCES[1] Z. M. Mao, C. D. Cranor, F. Douglis, M.Rabinovich, O. Spatscheck, and J. Wang. Aprecise and efficient evaluation of theproximity between web clients and their localdns servers. In Proceedings of the GeneralTrack of USENIX ATEC, 2002.[2] S. Krishnan and F. Monrose. DNSprefetching and its privacy implications: whengood things go bad. In Proceedings ofUSENIX Workshop on LEET, 2010.
[3] P. Vixie. What dns is not. Queue, (10),Nov. 2009.[4] N. Weaver, C. Kreibich, and V. Paxson.Redirecting DNS for Ads and Profit. InUSENIX Workshop on Free and OpenCommunications on the Internet (FOCI),2011.[5] McAfee. Faqs for global .com/corporate/index?page content&id KB53735, 2013.[6] S. H. Gunderson. Global IPv6 statistics:Measuring the current state of IPv6 forordinary users. In Proceedings of the Seventythird Internet Engineering Task Force, 2008.[7] Y. Chen, M. Antonakakis, R. Perdisci, Y.Nadji, D. Dagon, W. Lee. DNS Noise:Measuring the Pervasiveness of DisposableDomains in Modern DNS Traffic. Inproceedings of the 44th Annual IEEE/IFIPInternational Conference on DependableSystems and Networks, 2014.[8] R. Arends, R. Austein, M. Larson, D.Massey, and S. Rose. Dns f.org/rfc/rfc4033.txt,March2005.[9] R. Arends, R. Austein, M. Larson, D.Massey, and S. Rose. Protocol modificationsfor the dns security extensions, rfc .[10] R. Arends, R. Austein, M. Larson, D.Massey, and S. Rose. Resource records for fc4034.txt,March2005.[11] M. Antonakakis, R. Perdisci, D. Dagon,W. Lee, and N. Feamster. Building a DynamicReputation System for DNS. In Proceedingsof USENIX Security Symposium, 2010.[12] M. Antonakakis, R. Perdisci, W. Lee, D.Dagon, and N. Vasiloglou. DetectingMalware Domains at the Upper DNSHierarchy. In Proceedings of USENIXSecuritySymposium,2011.
Paypal, ClickBank), etc. Disposable domains are not only widely used currently, but are also increasingly being used. For unique domains being queried by clients, the percentage of disposable domains increased from 23.1% to 27.6%. Also, of the daily resolved unique domains the percent- age of disposable domains grew from 27.6%
Colon cleansing tips: 1. Stay near a toilet! You will have diarrhea, which can be quite sudden. This is normal. 2. Continue to drink the prep solution every 10-15 minutes, as directed. Drinking the NuLytely cold (over ice or refrigerated) may be easier. Some people also find it easier to drink it with a straw. 3.File Size: 201KBPage Count: 5Explore furtherHow to Do a Bowel Prep for Colonoscopy or Surgerywww.verywellhealth.comBowel Prep Caseshermainengorx.files.wordpress.comBOWEL PREP INSTRUCTIONS FOR COLON SURGERYwww.universitybariatrics.comBowel Preparation for Colorectal Surgery Stanford Health .stanfordhealthcare.orgBOWEL PREP INSTRUCTIONS FOR COLON SURGERYwww.universitybariatrics.comRecommended to you based on what's popular Feedback
All Star Legacy Divas Junior Prep Level 2 17 73.3 3 3 3 Shockwave Allstars Intensity Junior Prep Level 2 21 71.9 4 NA NA Galaxy Allstars SuperNova Junior Prep Level 2 11 68.4 5 NA NA Shockwave Allstars Vortex Senior Prep Level 2 30 72.8 1 1 1 FAME Victorious Senior Prep Level 2 21 72.5 2 2 2 Shockwave Allstars Flare Junior Prep Level 3 22 72.35 .
PrEP is a choice -Depending on situation, PrEP may be a life-long commitment or only used during "seasons of risk" PrEP is one of many HIV prevention strategies -The more approaches used, the better the protection against HIV Individuals must test HIV negative to start and continue PrEP Adherence is essential for PrEP to work,
111. Burt Bacharach 4. All That Heaven Allows Rep. Manuscript Away All Boats Rep. Manuscript Swell Guy Rep. Manuscript Star in the Dust Rep. Manuscript Shenandoah Rep. Manuscript Music by Frank Skinner Universal Studios 4-78RPM Back Street Arabian Nights Saboteur Back Street (A Collection) Universal Studios Universal Studios
essential part of your training and the EMPOWER Test Prep course. Video explanations for all Official Guide question are also available in the EMPOWER Test Prep library. POWERPREP PLUS Online - Practice Tests 1, 2, and 3 Included in certain EMPOWER Test Prep resource plans, or available at a 25% discount in your EMPOWER Test Prep account.
Elite Prep Summer 2022 Schedule your free college prep consultation today » Elite Prep San Ramon 3160 Crow Canyon Rd #190, San Ramon, CA 94583 (925) 830-9200 sanramon@eliteprep.com SAT & ACT Prep For-Credit Courses: AP & Dual-Credit Academic Enrichment & Tutoring Programs Extracurricular Activities College Consulting
Highland Prep and Madison Highland Prep are STEM college-preparatory charter high schools and share common governance, management, academic and program models. Highland Prep has grown from 81 students (2017-18) to its current enrollment of 428. Madison Highland Prep serves approximately 450 students.
for the Provision of PrEP Services in Title X-Funded Family Planning Service Sites. to assist in . organizational decision-making for leadership at Title X service sites who are considering beginning to offer PrEP services, considering offering a higher level of PrEP services, or unsure about offering PrEP services. While this guide was initially
