Abstract
DNS amplification attacks massively exploit open recursive DNS servers mainly for performing bandwidth consumption DDoS attacks. The amplification effect lies in the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, we present and evaluate a novel and practical method that is able to distinguish between authentic and bogus DNS replies. The proposed scheme can effectively protect local DNS servers acting both proactively and reactively. Our analysis and the corresponding real-usage experimental results demonstrate that the proposed scheme offers a flexible, robust and effective solution.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S. (2008). Detecting DNS Amplification Attacks. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_16
DOI: https://doi.org/10.1007/978-3-540-89173-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4
eBook Packages: Computer Science, Computer Science (R0)