Protecting against DNS Reflection Attacks with Bloom Filters

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6739)

Abstract

Nowadays the DNS protocol is under the attention of the security community for its lack of security and for the flaws found in the last few years. On the Internet, reflection/amplification is the most common and most damaging attack against it, and protecting against it normally requires very powerful and expensive hardware. In this paper we propose a robust countermeasure against this type of threat based on Bloom filters. The proposed method is fast, is not resource-hungry, and has a very low error rate, blocking 99.9% of attack packets. The mechanism has been implemented within a Telecom Italia S.p.A. project named jdshape, based on the Juniper Networks® SDK.
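The abstract does not describe how the filter is applied, so the following is an added illustration, not the paper's jdshape code and not necessarily its design: one natural way to use a Bloom filter against reflected DNS traffic is to record each outgoing query (client address, client port, transaction ID, question name) and admit an incoming response only if that tuple was recorded. The key format, the traffic, the addresses (RFC 5737 documentation ranges) and the sizing parameters below are all constructed for the example. Because a Bloom filter has no false negatives, legitimate responses are never dropped; its false positives are the attack packets that slip through, which is the direction of error the abstract's "99.9% blocked" figure corresponds to.

```python
"""Bloom-filter gate for DNS responses: admit a response only when the
matching query was recorded on the way out.

Constructed illustration for this page; it is not the paper's jdshape
implementation and the key layout is an assumption.
"""
import hashlib
import math


class BloomFilter:
    """Standard Bloom filter sized from (expected_items, target_fp_rate).

    The k bit positions come from one SHA-256 digest by double hashing
    (h1 + i*h2 mod m); good enough for a demonstration, not a tuned
    line-rate implementation.
    """

    def __init__(self, expected_items: int, fp_rate: float) -> None:
        # Optimal sizing: m = -n ln p / (ln 2)^2, k = (m / n) ln 2
        self.m = max(8, int(math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)))
        self.k = max(1, int(round(self.m / expected_items * math.log(2))))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, key: bytes):
        digest = hashlib.sha256(key).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd, so the k positions never collapse
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key: bytes) -> None:
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))


def query_key(client_ip: str, client_port: int, txid: int, qname: str) -> bytes:
    """The tuple a genuine response must echo back: client address and port,
    DNS transaction ID and question name (constructed key format)."""
    return f"{client_ip}|{client_port}|{txid}|{qname.lower().rstrip('.')}".encode()


def record_query(bf: BloomFilter, client_ip: str, client_port: int, txid: int, qname: str) -> None:
    """Called for every DNS query leaving the protected network."""
    bf.add(query_key(client_ip, client_port, txid, qname))


def is_solicited(bf: BloomFilter, dst_ip: str, dst_port: int, txid: int, qname: str) -> bool:
    """Gate for an incoming DNS response: admit only if its destination,
    port, transaction ID and question were recorded as an outgoing query.
    No false negatives, so legitimate answers always pass; a false positive
    lets one reflected packet through."""
    return query_key(dst_ip, dst_port, txid, qname) in bf


def simulate(n_legit: int = 1000, n_attack: int = 10000, fp_rate: float = 0.001) -> dict:
    """Constructed traffic: n_legit queries from one resolver and their
    responses, plus n_attack spoofed responses reflected at a victim host
    that never sent a query. Returns admission counts."""
    bf = BloomFilter(expected_items=n_legit, fp_rate=fp_rate)
    resolver = "192.0.2.53"
    legit = [
        (resolver, 10000 + i, (0x1234 + i * 7919) & 0xFFFF, f"host{i}.example.com.")
        for i in range(n_legit)
    ]
    for q in legit:
        record_query(bf, *q)
    legit_admitted = sum(is_solicited(bf, *q) for q in legit)

    victim = "203.0.113.10"  # never queried anything: every response to it is reflected attack traffic
    attack_admitted = 0
    for i in range(n_attack):
        # A reflector echoes whatever port/txid/name the attacker put in the spoofed query.
        if is_solicited(bf, victim, 1024 + (i % 60000), (i * 40503) & 0xFFFF, "isc.org."):
            attack_admitted += 1

    return {
        "filter_bits": bf.m,
        "hash_functions": bf.k,
        "legit_admitted": legit_admitted,
        "legit_total": n_legit,
        "attack_admitted": attack_admitted,
        "attack_total": n_attack,
        "attack_blocked_fraction": 1 - attack_admitted / n_attack,
    }


if __name__ == "__main__":
    print(simulate())
```

With 1000 recorded queries and a 0.1% target, the filter needs roughly 14 kbit and 10 hash positions, and of 10,000 spoofed responses only on the order of ten are admitted, which is the error regime the abstract describes. Two things a deployment must add that this sketch omits: entries have to age out (a time-sliced or scalable filter), since a plain Bloom filter cannot delete and fills up until its false-positive rate climbs toward 1, and the gate protects the filtered side only; it does nothing for the open resolvers being abused as reflectors.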

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Di Paola, S., Lombardo, D. (2011). Protecting against DNS Reflection Attacks with Bloom Filters. In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_1

  • DOI: https://doi.org/10.1007/978-3-642-22424-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22423-2

  • Online ISBN: 978-3-642-22424-9
