Routing Loops as Mega Amplifiers for DNS-Based DDoS Attacks

Nosyk, Yevheniya; Korczyński, Maciej; Duda, Andrzej

doi:10.1007/978-3-030-98785-5_28

Cited by 10 publications

(2 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, malicious URLs (and domain names) are blocked by web browsers (e.g., Chrome, Firefox) using Google Safe Browsing. The problem is raised by open (misconfigured) DNS servers that facilitate amplification reflection Distributed Denial-of-Service (DRDoS) attacks [47], [57], [66], [73], [75], [78]. Open DNS resolvers accept DNS requests from any end host, which can be misused to either target authoritative nameservers by sending an excessive number of incoming requests or, if combined with IP address spoofing, used to redirect responses to victim end-hosts.…”

Section: Motivationmentioning

confidence: 99%

Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses

Nosyk

Hureau

Fernández

et al. 2023

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

In the past decades, DNS has gradually risen into one of the most important systems on the Internet. Malicious actors have long misused it in reflection and amplification DDoS attacks, but given its criticality, DNS quickly became an attractive attack target itself. There appeared a number of activities that make use of domain names and the DNS protocol to perform illegal actions, collectively referred to as DNS abuse. In this paper, we measure the landscape of DNS infrastructure vulnerabilities across millions of recursive resolvers and authoritative nameservers. We enumerate domain names deploying cache poisoning protection (DNSSEC), email authentication (SPF/DMARC), and resolvers accepting DNS requests from arbitrary clients. We show that DNS infrastructure is not sufficiently protected against cybersecurity threats and propose a set of recommendations to mitigate the existing problems. Conducted in the frame of a European Commission project, our findings will be considered for inclusion in the upcoming European Union legislation on cybersecurity.

show abstract

Section: Motivationmentioning

confidence: 99%

Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses

Nosyk

Hureau

Fernández

et al. 2023

2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

show abstract

“…As a result, legitimate users cannot access network resources and services, or access will be very slow or intermittent. This type of attack consumes the victim's bandwidth by overloading via sending a large amount of traffic to this prey [1], [9]. The volumetric attack occurs when DNS focuses on exhausting the host's available bandwidth.…”

Section: A Volumetric Attacksmentioning

confidence: 99%

A Comprehensive Review of DNS-based Distributed Reflection Denial of Service (DRDoS) Attacks: State-of-the-Art

Nuiaa¹,

Manickam²,

ALsaeedi³

2022

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

Cyberattacks significantly impact the services based on the internet that is used in our daily lives. Any disruption will make it extremely difficult for us to carry out our daily activities. Cyberattacks will disrupt online services, exploit vulnerabilities to breach databases and servers, and so on. Various systems and services contribute to the Internet's seamless functionality. The Domain Name System (DNS) is one of the most important services. DNS is used to resolve domain names into machine-readable IP addresses. DNS, like many other Internet services, is vulnerable to cyber-attacks. While DNS faces a slew of threats, one in particular appears to stand out. DNS is vulnerable to a variety of distributed denial-of-service attacks. The distributed reflection denial of service (DRDoS) attack, a flooding attack against DNS servers that renders them unavailable, disrupting domain name resolution activities, is one of the most common variants. DRDoS attacks have been on the rise in recent years. DNS lookup outages would significantly impact our online activities in the world of ultra-connectivity because they are typically the first step in establishing a connection with a server. The purpose of this paper is to present a state-of-the-art review of DRDoS attack detection and mitigation algorithms as well as the datasets on which these algorithms operate. Finally, we discussed each of these algorithms' relative merits and demerits.

show abstract