2015
DOI: 10.1007/978-3-319-15509-8_2

Characterizing Optimal DNS Amplification Attacks and Effective Mitigation

Abstract: Attackers have used DNS amplification in over 34% of high-volume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preventative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on reducing the number of open DNS resolvers, these efforts do not address the threat posed by authoritative DNS servers. I…

Citations: cited by 26 publications (14 citation statements)
References: 8 publications

“…In more recent work, Rossow [27] provides an in-depth study into attacks performed in 2014, analyzing captured traces on various protocols and evaluating open amplification services on the Internet. Subsequently Kührer et al have performed significant work to reduce vulnerable NTP services and IP address spoofing [20], complemented by others that have focused on amplification using specific protocols, such as DNS [3,8,10,21,22,31] or NTP [6,25,28,30]. The largest study on amplification attacks to date has been performed by Thomas et al, who capture attack traces using a mean of 59.7 honeypots over 1010 days [32].…”
Section: Related Work (mentioning)
confidence: 99%
“…These, in turn, leave the users of subverted resolvers vulnerable to being re-directed to malicious services. Second, open resolvers are susceptible to being leveraged in reflection and amplification DDoS attacks (e.g., [37]). The DNS port on servers is less open via IPv6 than IPv4.…”
Section: DNS and NTP (mentioning)
confidence: 99%
“…The authors of [5] propose to install a preliminary DNS resolver and create a tunnel using IPSec or the SSL protocol between the preliminary resolver and the DNS resolver on the client side. All external DNS requests arrive at the preliminary DNS resolver and cannot directly enter the client's DNS server from external sources.…”
Section: Related Work (mentioning)
confidence: 99%