Detecting DNS amplification attacks

Authors:
Georgios Kambourakis;Tassos Moschos;Dimitris Geneiatakis;Stefanos Gritzalis
Affiliations:
Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece;Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece;Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece;Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece
Venue:
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Year:
2007

Citing 6
Cited 0

Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)

Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
An Integrity Verification Scheme for DNS Zone file based on Security Impact Analysis

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
Spoof Detection for Preventing DoS Attacks against DNS Servers

ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The proposed scheme can effectively protect local DNS servers acting both proactively and reactively. Our analysis and the corresponding real-usage experimental results demonstrate that the proposed scheme offers a flexible, robust and effective solution.