1. 2. 3.
1...1 2 DNS...1 2.1...1 2.2...2 2.3...3 2.3.1...3 2.3.2...3 2.3.3...4 2.3.4...5 2.3.5...5 2.4...5 3...6 4...6...8 1....8 2....8 3....8 4....9 5....9 6....9 6-1. conf...10 6-2....14 6-3....16 6-4....17 6-5. cache...17 6-6....20 6-7....20 7....21 7-1. /etc/resolv.conf...21 7-2. /etc/nsswitch.conf...21 8. named...22 i
9....22 ii
1 2006/05/12 1 DNS M&A phishing phishing DNS DNS DNS DNS DNS&BIND 2 DNS 2.1 jp jp Web 1
M&A jp 1 jp 6 com gtld cctld jp phishing 2.2 IP whois 2
2.3 2.3.1 BIND BIND BIND djbdns http://ketil.froyn.name/poison.html cache poisoning www.example.com HTML HTML MUA www.example.com example.com example.com example.com. IN NS ns.example.com. IN NS online.goodbank.com. ns.examle.com IN A 192.168.10.1 online.goodbank.com IN A 192.168.10.2 example.com ns.example.com IP online.goodbank.com IP 192.168.10.2 online.goodbank.com phishing MTA MTA BIND 2.3.2 3
IP resolv.conf DNS DDoS DNS Web DNS 2.3.3 CNAME CNAME spam OS 4
53/udp,tcp IP TTL TTL IP 2.3.4 IP NS IP example.ac.jp ns.example.ac.jp ns.exampleac.jp exampleac.jp IP 2.3.5 IP P2P 53 IP 2.4 visa.co.jp http://www.e-ontap.com/ phishing 5
3 ISP DHCP IP PC IP IP URL example.ac.jp Web login.example.ac.jp login.example.ac login.example.ac.jp ID cctld ac cctld ne co ac.jp ac phishing Web cctld jp ac Web 4 DNS spam spam 6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23