Characterizing Optimal DNS Amplification Attacks and Effective Mitigation
نویسندگان
چکیده
Attackers have used DNS amplification in over 34% of highvolume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preventative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on reducing the number of open DNS resolvers, these efforts do not address the threat posed by authoritative DNS servers. In this work, we measure and characterize the attack potential associated with DNS amplification, along with the adoption of countermeasures. We then propose and measure a mitigation strategy that organizations can employ. With the help of an upstream ISP, our strategy will allow even poorly provisioned organizations to mitigate massive DNS amplification attacks with only minor performance overheads.
منابع مشابه
The best bang for the byte: Characterizing the potential of DNS amplification attacks
DNS amplification has been instrumental in over 34% of high-volume network DDoS attacks, with some floods exceeding 300Gbps. Today’s best practices require Internet-wide cooperation and have been unable to prevent these attacks. In this work, we investigate whether these best practices can eliminate DNS amplification attacks and characterize what threats remain. In particular, we study roughly ...
متن کاملDetecting DNS Amplification Attacks
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The propo...
متن کاملDenial-of-service detection and mitigation for SIP communication networks
The Session Initiation Protocol (SIP) is the multimedia communication protocol of the future. Used for Voice-over-IP (VoIP), Internet Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV), its concepts are based on mature and open standards and its use is increasing rapidly within recent years. However, with its acceptance as a mainstream communication platform, security concerns b...
متن کاملPreventing DNS Amplification Attacks Using the History of DNS Queries with SDN
Domain Name System (DNS) amplification attack is a sophisticated Distributed Denial of Service (DDoS) attack by sending a huge volume of DNS name lookup requests to open DNS servers with the source address spoofed as a victim host. However, from the point of view of an individual network resource such as DNS server and switch, it is not easy to mitigate such attacks because a distributed attack...
متن کاملAnomaly Behavior Analysis of DNS Protocol
DNS protocol is critically important for secure network operations. All networked applications request DNS protocol to translate the network domain names to correct IP addresses. The DNS protocol is prone to attacks like cache poisoning attacks and DNS hijacking attacks that can lead to compromising user’s accounts and stored information. In this paper, we present an anomaly based Intrusion Det...
متن کامل