Study on the near-real time DNS query analyzing system for DNS amplification attacks
نویسندگان
چکیده
منابع مشابه
Detecting DNS Amplification Attacks
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The propo...
متن کاملPreventing DNS Amplification Attacks Using the History of DNS Queries with SDN
Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack...
متن کاملAnalyzing Root DNS Traffic
DNS servers often fail or have bad implementations of algorithms that decrease the efficiency of the DNS system. We introduce a method for clustering misconfigured DNS sources. Using machine learning methods, we analyzed 24 hours of DNS requests that were collected on the A-root DNS server. The 50 gigabyte data set was a log containing 10-40 million requests per hour. We selected the hour of 1:...
متن کاملCharacterizing Optimal DNS Amplification Attacks and Effective Mitigation
Attackers have used DNS amplification in over 34% of highvolume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preventative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on re...
متن کاملAnalyzing the K-root DNS Anycast Infrastructure
K-root is one of the DNS root servers that make use of anycast. Anycast is used to scale the root servers and increase performance by spreading instances of the same server over different locations, at the cost of increased complexity. In this paper the anycast infrastructure of the K-root DNS server is analyzed in order to understand if the infrastructure provides optimal service to its client...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of the Korea Institute of Information Security and Cryptology
سال: 2015
ISSN: 1598-3986
DOI: 10.13089/jkiisc.2015.25.2.303