Mitigating DoS Attacks against the DNS with Dynamic TTL Values
Author
Abstract
This paper describes and analyzes a new mechanism to mitigate flooding Denial of Service (DoS) attacks against the Domain Name System (DNS). This mechanism is based on increasing the Time To Live (TTL) value of end-host IP addresses (DNS A records) when a name server is being overloaded with DoS attack traffic. This mechanism is most suitable for popular name servers providing authoritative DNS A records with short TTL values. According to the simulation results, both the average delay and the percentage of failed DNS lookups decrease clearly during a flooding DoS attack. For example, increasing the TTL of DNS A records from 10 minutes to 2 hours decreases the average percentage of failed DNS lookups from 16% to less than 3%, when 90% of the DNS requests are lost due to a DoS attack.
Similar resources
A Simple Approach to DNS DoS Defense
We consider DoS attacks on DNS where attackers flood the nameservers of a zone to disrupt resolution of resource records belonging to the zone and consequently, any of its sub-zones. We argue that a minor change in the caching behavior of DNS resolvers can significantly mitigate the impact of such attacks. In our proposal, DNS resolvers do not completely evict cached records whose TTL has expir...
Review of Mitigating DNS DoS Attacks
The Domain Name System (DNS) has become a ubiquitous part of modern Internet infrastructure that maps numeric IP addresses to human-readable names. In recent years, denial of service (DoS) attacks on DNS have tended to become more serious problems. These attacks are mainly related to the hierarchical namespace architecture, which is hard to avoid as this architecture is widely deployed in multi-lev...
The Case for Pushing DNS
The Domain Name System (DNS, [2]) has long been a critical part of the Internet infrastructure. The successful Denial-of-Service (DoS) attacks against Microsoft’s DNS servers in 2001 and the unsuccessful DoS attacks on the root name servers in 2002 have raised concerns about the vulnerability of the DNS. Operators responded by hardening the infrastructure, and using BGP anycast to replicate the...
Denial-of-service detection and mitigation for SIP communication networks
The Session Initiation Protocol (SIP) is the multimedia communication protocol of the future. Used for Voice-over-IP (VoIP), the Internet Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV), its concepts are based on mature and open standards and its use has been increasing rapidly in recent years. However, with its acceptance as a mainstream communication platform, security concerns b...
Content-Centric Networking: Effect of Content Caching on Mitigating DoS Attack
Content-Centric Networking (CCN) is a novel networking paradigm that makes named data the first-class entity rather than the IP address. That is, it cares about which data to fetch rather than which host to reach. One key feature of CCN is content caching: CCN routers cache named contents instead of IP addresses, which makes the effect of a Denial-of-Service (DoS) attack different from that in T...