Baojun Liu

Tsinghua University | TH · Institute for Network Science and Cyberspace

26 Publications
18,779 Reads
291 Citations

Publications (26)
Conference Paper
In this paper, we report MaginotDNS, a powerful cache poisoning attack against DNS servers that simultaneously act as recursive resolvers and forwarders (termed as CDNS). The attack is made possible through exploiting vulnerabilities in the bailiwick checking algorithms, one of the cornerstones of DNS security since the 1990s, and affects multiple...
Conference Paper
In this paper, we propose Phoenix Domain, a general and novel attack that allows adversaries to maintain the revoked malicious domain continuously resolvable at scale, which enables an old, mitigated attack, Ghost Domain. Phoenix Domain has two variations and affects all mainstream DNS software and public DNS resolvers overall because it does not v...
Article
Full-text available
DNS (Domain Name System) is one fundamental Internet infrastructure related to most network activities. As a feasible tool to govern the Internet, DNS’s stability and interoperability will be impacted by the countries’ policies or actions along the path. Especially now that many countries have stricter control over the Internet and even sometimes "...
Conference Paper
Full-text available
Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bit address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by...
Conference Paper
Full-text available
When a domain is registered, information about the registrants and other related personnel is recorded by WHOIS databases owned by registrars or registries (called WHOIS providers jointly), which are open to public inquiries. However, due to the enforcement of the European Union’s General Data Protection Regulation (GDPR), certain WHOIS data (i.e.,...
Preprint
Full-text available
As a fundamental communicative service, email is playing an important role in both individual and corporate communications, which also makes it one of the most frequent attack vectors. An email’s authenticity is based on an authentication chain involving multiple protocols, roles and services, the inconsistency among which creates security threat...
Conference Paper
Full-text available
Fake base station (FBS) has been exploited by criminals to attack mobile users by spamming fraudulent messages for over a decade. Despite that prior work has proposed several techniques to mitigate this issue, FBS spam is still a long-standing challenging issue in some countries, such as China, and causes billions of dollars of financial loss every...
Conference Paper
Full-text available
HTTPS is principally designed for secure end-to-end communication, which adds confidentiality and integrity to sensitive data transmission. While several man-in-the-middle attacks (e.g., SSL Stripping) are available to break the secured connections, state-of-the-art security policies (e.g., HSTS) have significantly increased the cost of successful...
Conference Paper
Full-text available
A content delivery network (CDN) improves the accessing performance and availability of websites via its globally distributed network infrastructures, which contributes to the thriving of CDN-powered websites on the Internet. Because CDN-powered websites normally operate important businesses or critical services, attackers are mostly interested in...
Chapter
Full-text available
In this paper, we present a large-scale analysis about an emerging new type of domain-name fraud, which we call levelsquatting. Unlike existing frauds that impersonate well-known brand names (like google.com) by using similar second-level domain names, adversaries here embed brand name in the subdomain section, deceiving users especially mobile use...
Conference Paper
Full-text available
In this paper, we present a large-scale analysis about an emerging new type of domain-name fraud, which we call levelsquatting. Unlike existing frauds that impersonate well-known brand names (like google.com) by using similar second-level domain names, adversaries here embed brand name in the subdomain section, deceiving users especially mobile use...
Conference Paper
Full-text available
DNS packets are designed to travel in unencrypted form through the Internet based on its initial standard. Recent discoveries show that real-world adversaries are actively exploiting this design vulnerability to compromise Internet users' security and privacy. To mitigate such threats, several protocols have been proposed to encrypt DNS queries bet...
Conference Paper
Full-text available
An emerging Internet business is residential proxy (RESIP) as a service, in which a provider utilizes the hosts within residential networks (in contrast to those running in a datacenter) to relay their customers' traffic, in an attempt to avoid server-side blocking and detection. With the prominent roles the services could play in the underground b...
Conference Paper
Full-text available
Illicit traffic monetization is a type of Internet fraud that hijacks users' web requests and reroutes them to a traffic network (e.g., advertising network), in order to unethically gain monetary rewards. Despite its popularity among Internet fraudsters, our understanding of the problem is still limited. Since the behavior is highly dynamic (can ha...
Conference Paper
Full-text available
DNS is a critical service for almost all Internet applications. DNS queries from end users are handled by recursive DNS servers for scalability. For convenience, Internet Service Providers (ISPs) assign recursive servers for their clients automatically when the clients choose the default network settings. On the other hand, users should also have t...
Article
Full-text available
As a path vector protocol, Border Gateway Protocol (BGP) messages contain an entire Autonomous System (AS) path to each destination for breaking arbitrary long AS path loops. However, after observing the global routing data from RouteViews, we find that BGP AS Path Looping (BAPL) behavior does occur and in fact can lead to multi-AS forwarding loops...
Conference Paper
Full-text available
Domain names have been exploited for illicit online activities for decades. In the past, miscreants mostly registered new domains for their attacks. However, the domains registered for malicious purposes can be deterred by existing reputation and blacklisting systems. In response to the arms race, miscreants have recently adopted a new strategy, ca...