Abstract
The DNS protocol has drawn the attention of the security community because of its weak security and the flaws discovered in it over the last few years. On the Internet, reflection/amplification is the most common and most damaging attack, and defending against it usually requires very powerful and expensive hardware. In this paper we propose a robust countermeasure against this class of threats based on Bloom filters. The proposed method is fast, modest in its resource usage and has a very low error rate, blocking 99.9% of attack packets. The mechanism has been implemented within a Telecom Italia S.p.A. project named jdshape, built on the Juniper Networks® SDK.
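As an added illustration of the abstract's idea (this is not the authors' jdshape code, and the exact way queries are matched to responses here is an assumption of the example): outbound DNS queries are recorded in a Bloom filter, and an inbound response is forwarded only if a matching query was recorded, so reflected responses that nobody asked for are dropped at the cost of a tunable false-positive rate. Index derivation uses Kirsch-Mitzenmacher double hashing.

```python
import hashlib
import math


class BloomFilter:
    """Bit-array Bloom filter sized for `capacity` items at `error_rate`.
    k indices are derived from two 64-bit halves of one SHA-256 digest
    (h1 + i*h2 mod m, the Kirsch-Mitzenmacher double-hashing scheme)."""

    def __init__(self, capacity: int, error_rate: float) -> None:
        self.m = math.ceil(-capacity * math.log(error_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd, so the k probes stay distinct
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def query_key(client_ip: str, qname: str, txid: int) -> bytes:
    """Identify a DNS transaction by the asking client, the queried name and the ID."""
    return f"{client_ip}|{qname.rstrip('.').lower()}|{txid}".encode()


class ReflectionFilter:
    """Hypothetical filter: remembers outbound queries and forwards an inbound
    response only if a matching query was seen; unsolicited responses are dropped."""

    def __init__(self, capacity: int = 10_000, error_rate: float = 0.001) -> None:
        self.seen = BloomFilter(capacity, error_rate)

    def outbound_query(self, client_ip: str, qname: str, txid: int) -> None:
        self.seen.add(query_key(client_ip, qname, txid))

    def inbound_response(self, client_ip: str, qname: str, txid: int) -> bool:
        """True means forward to the client, False means drop as a reflected packet."""
        return query_key(client_ip, qname, txid) in self.seen
```

A deployable version would rotate or age the filter so that old queries expire and the bit array does not saturate; that bookkeeping is omitted here.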
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Di Paola, S., Lombardo, D. (2011). Protecting against DNS Reflection Attacks with Bloom Filters. In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_1
DOI: https://doi.org/10.1007/978-3-642-22424-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22423-2
Online ISBN: 978-3-642-22424-9