The best bang for the byte: Characterizing the potential of DNS amplification attacks
نویسندگان
چکیده
DNS amplification has been instrumental in over 34% of high-volume network DDoS attacks, with some floods exceeding 300Gbps. Today’s best practices require Internet-wide cooperation and have been unable to prevent these attacks. In this work, we investigate whether these best practices can eliminate DNS amplification attacks and characterize what threats remain. In particular, we study roughly 130 million DNS domains and their associated servers to determine the DNS amplification potential associated with each. We find attackers can easily use these servers to create crippling floods and that few servers employ any protection measures to deter attackers.
منابع مشابه
Characterizing Optimal DNS Amplification Attacks and Effective Mitigation
Attackers have used DNS amplification in over 34% of highvolume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preventative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on re...
متن کاملA Chaotic Complexity Measure for Cognitive Machine Classification of Cyber-Attacks on Computer Networks
Today’s evolving cyber security threats demand new, modern, and cognitive computing approaches to network security systems. In the early years of the Internet, a simple packet inspection firewall was adequate to stop the then-contemporary attacks, such as Denial of Service (DoS), ports scans, and phishing. Since then, DoS has evolved to include Distributed Denial of Service (DDoS) attacks, espe...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملDetecting DNS Amplification Attacks
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The propo...
متن کاملDDoS 3.0 - How Terrorists Bring Down the Internet
Dependable operation of the Internet is of crucial importance for our society. In recent years Distributed Denial of Service (DDoS) attacks have quickly become a major problem for the Internet. Most of these attacks are initiated by kids that target schools, ISPs, banks and web-shops; the Dutch NREN (SURFNet), for example, sees around 10 of such attacks per day. Performing attacks is extremely ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Networks
دوره 116 شماره
صفحات -
تاریخ انتشار 2017