@techreport{oai:ipsj.ixsq.nii.ac.jp:00046895, author = {永富, 洋文 and デニス・アルトナ・ルデニャ・ロマニャ and 武藏, 泰雄 and 松葉, 龍一 and 杉谷, 賢一 and Hirofumi, Nagatomi and Dennis, ArtonaLudenaRomana and Yasuo, Musashi and Ryuichi, Matsuba and Kenichi, Sugitani}, issue = {97(2006-DSM-043)}, month = {Sep}, note = {とある大学のDNSサーバにおけるIPv6ベースのDNSクエリパケットの流量について統計的解析を行ったところ、次の様な結果を得た。(1) IPv4ベースのセキュリティインシデントとの同期や、(2) IPv6のみを介してセキュリティスキャンの前準備をしている痕跡が見られた。これらの結果は、IPv6についてもIPv4の場合と同様に、ネットワーク流量を監視する必要があることを示している。, We investigated statistically on the IPv6 source IP address-based DNS query traffic a university campus network through January 1st to December 31st, 2005. The results are summarized, as follows: (1) Several security incidents in the IPv6-based DNS query traffic can be observed in or synchronized with the IPv4-based DNS query one like a mass mailing worm (MMW)- or spamming from the bot worm (BW)-infected PC terminals, and (2) we can also find a suspicious IPv6 based PTR resource record (RR) based DNS query traffic like a typical reverse domain resolution access in preparation for the next security scanning. Therefore, it can be clear that we should pay much attention not only IPv4 address based packet traffic but also IPv6 address based one when detecting the security incident in the campus or enterprise network system.}, title = {IPv6ベースのDNSクエリトラフィック解析}, year = {2006} }