
Detecting DNS Amplification Attacks

  • Georgios Kambourakis
  • Tassos Moschos
  • Dimitris Geneiatakis
  • Stefanos Gritzalis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)

Abstract

DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The proposed scheme can effectively protect local DNS servers acting both proactively and reactively. Our analysis and the corresponding real-usage experimental results demonstrate that the proposed scheme offers a flexible, robust and effective solution.

Keywords

DNS Security; Denial of Service; DNS Amplification Attacks; Detection and repelling mechanisms

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Georgios Kambourakis (1)
  • Tassos Moschos (1)
  • Dimitris Geneiatakis (1)
  • Stefanos Gritzalis (1)
  1. Laboratory of Information and Communication Systems Security, Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece
