Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
Spoof Detection for Preventing DoS Attacks against DNS Servers
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The proposed scheme can effectively protect local DNS servers acting both proactively and reactively. Our analysis and the corresponding real-usage experimental results demonstrate that the proposed scheme offers a flexible, robust and effective solution.