Dynamic Load Balancing on Web-Server Systems
IEEE Internet Computing
DNS-Based Load Balancing in Distributed Web-server Systems
SEUS-WCCIA '06 Proceedings of the The Fourth IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems, and the Second International Workshop on Collaborative Computing, Integration, and Assurance (SEUS-WCCIA'06)
Proceedings of the 3rd international workshop on Visualization for computer security
DNSSEC: a protocol toward securing the internet infrastructure
Communications of the ACM - Smart business networks
Security vulnerabilities in DNS and DNSSEC
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
CoDNS: improving DNS performance and reliability via cooperative lookups
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
ConfiDNS: leveraging scale and history to improve DNS security
WORLDS'06 Proceedings of the 3rd conference on USENIX Workshop on Real, Large Distributed Systems - Volume 3
Motivation for Behaviour-Based DNS Security: A Taxonomy of DNS-Related Internet Threats
SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
Perspectives: improving SSH-style host authentication with multi-path probing
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Proceedings of the 15th ACM conference on Computer and communications security
Increased DNS forgery resistance through 0x20-bit encoding: security via leet queries
Proceedings of the 15th ACM conference on Computer and communications security
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle
Computer Communications
ISC'10 Proceedings of the 13th international conference on Information security
Hi-index | 0.00 |
DNS cache poisoning attacks have been proposed for a long time. In 2008, Kaminsky enhanced the attacks to be powerful based on nonce query method. By leveraging Kaminsky's attack, phishing becomes large-scale since victims are hard to detect attacks. Hence, DNS cache poisoning is a serious threat in the current DNS infrastructure. In this paper, we propose a countermeasure, DepenDNS, to prevent from cache poisoning attacks. DepenDNS queries multiple resolvers concurrently to verify an trustworthy answer while users perform payment transactions, e.g., auction, banking. Without modifying any resolver or authority server, DepenDNS is conveniently deployed on client side. In the end of paper, we conduct several experiments on DepenDNS to show its efficiency. We believe DepenDNS is a comprehensive solution against cache poisoning attacks.