Enhancing DNS Resilience against Denial of Service Attacks

Pappas, Vasileios; Massey, Dan; Zhang, Lixia

doi:10.1109/dsn.2007.42

Cited by 19 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…6 Although the use of DNS caching and redundancy servers reduce the effect of DDoS, a number of such attacks have been successfully directed against root and top-level DNS servers in past years [108]- [110]. Many solutions have been presented in past years that either: (1) require some changes in the DNS protocol [111]- [114], or (2) propose new resolution services [115], [116]. Nowadays, DNS uses a single approach that does not require any modification to its architecture, which is the adoption of "Anycast" [117].…”

Section: G Availabilitymentioning

confidence: 99%

Security and Privacy Analysis of National Science Foundation Future Internet Architectures

Ambrosin

Compagno

Conti

et al. 2018

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

The Internet Protocol (IP) is the lifeblood of the modern Internet. Its simplicity and universality have fueled the unprecedented and lasting global success of the current Internet. Nonetheless, some limitations of IP have been emerging in recent years. Its original design envisaged supporting perhaps tens of thousands of static hosts operating in a friendly academic-like setting, mainly in order to facilitate email communication and remote access to scarce computing resources. At present IP interconnects billions of static and mobile devices (ranging from supercomputers to IoT gadgets) with a large and dynamic set of popular applications. Starting in mid-1990s, the advent of mobility, wirelessness and the web substantially shifted Internet usage and communication paradigms. This accentuated longterm concerns about the current Internet architecture and prompted interest in alternative designs.The U.S. National Science Foundation (NSF) has been one of the key supporters of efforts to design a set of candidate next-generation Internet architectures. As a prominent design requirement, NSF emphasized "security and privacy by design" in order to avoid the long and unhappy history of incremental patching and retrofitting that characterizes the current Internet architecture. To this end, as a result of a competitive process, four prominent research projects were funded by the NSF in 2010: Nebula, Named-Data Networking (NDN), MobilityFirst (MF), and Expressive Internet Architecture (XIA). This paper provides a comprehensive and neutral analysis of salient security and privacy features (and issues) in these NSF-funded Future Internet Architectures. It also compares the four candidate designs with the current IP-based architecture and discusses similarities, differences, and possible improvements.

show abstract

Section: G Availabilitymentioning

confidence: 99%

Security and Privacy Analysis of National Science Foundation Future Internet Architectures

Ambrosin

Compagno

Conti

et al. 2018

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…If we use DNS to solve the mapping relation between EMD subdivision mesh code and the sever IP address, there will be some unreliable elements [11] [14] . When there is something wrong about the DNS server, the whole system will be destroyed [7] .…”

Section: A Securitymentioning

confidence: 99%

Design and research on GeoIP

Fang

Cheng

Guo

2010

The 2010 14th International Conference on Computer Supported Cooperative Work in Design

View full text Add to dashboard Cite

Based on the coding of The EMD (The extended model based on mapping division) subdivision mesh, we designed an network address coding of subdivision mesh (GeoIP). In this paper, the method that the coding of The EMD subdivision mesh combines with IPv6 is proposed. Through the method we can organize Spatial Data by the storage architecture model that every server stands for a geographic area. The main idea is following: first, extend the length of EMD subdivision mesh code to 68 bits; then insert the GeoIP into IPv6 address, after that the IPv6 network is divided by VLSM(Variable Length Subnet Mask) in accordance with the Division strategy of the EMD subdivision mesh. By this way, every Subnet or every network node can stand for some subdivision mesh, we can realize the goal that organize the global Spatial Data by geographic position, so that the global Spatial Data can be managed in order and in a highlyefficient way .

show abstract

“…A review of the scientific and technical literature shows that no effective measures have been taken to handle false responses of DNS. Domain Name System Security Extensions (DNSSEC) are one of the methods to prevent falsification [6][7][8][9][10]. DNSSEC is the DNS protocol extension that minimises attacks in which DNS addresses change.…”

Section: Introductionmentioning

confidence: 99%

Security of Global Domain Infrastructure in the Internet

Qasımova¹

2015

JPIT

View full text Add to dashboard Cite

DNSSEC technology is used in preventing DNS search result hacks, eliminating falsifications and ensuring security of domain name systems. The article analyses attacks undertaken to DNS server and justifies the necessity of DNSSEC technology application. The article researches the present state and problems in implementation of DNSSEC technology, advantages and scope of solvency in ensuring the security of DNS systems. Recommendations for realization of these technologies are proposed.

show abstract

Enhancing DNS Resilience against Denial of Service Attacks

Cited by 19 publications

References 11 publications

Security and Privacy Analysis of National Science Foundation Future Internet Architectures

Security and Privacy Analysis of National Science Foundation Future Internet Architectures

Design and research on GeoIP

Security of Global Domain Infrastructure in the Internet

Contact Info

Product

Resources

About