Title :
Recovering and Protecting against DNS Cache Poisoning Attacks
Author :
Yu Xi ; Chen Xiaochen ; Xu Fangqin
Author_Institution :
Dept. of Comput. Sci. & Technol., Shanghai Jiaoqiao Coll., Shanghai, China
Abstract :
DNSSEC can provide a strong countermeasure to DNS Cache Poisoning Attacks, however, DNSSEC can´t be actually deployed in a short time, it is still impossible to avoid poisoning attacks thoroughly, a majority of DNS servers are still hreatened from the poisoning attacks. This attack is used in conjunction with web spoofing, it can change Web URL, lead economic losing and privacy leaking. In this paper, we emphasize on the recovery and protection after suffered DNS Cache Poisoning Attacks. We expect to decrease success ratio of poisoning attacks greatly through restoration, source port randomization (SPR) and setting time-to-live (TTL). After above deployments, attackers have to extend attack time to make attack successful, and this will provide sufficient time to defend and preserve. The strategy of this paper greatly increases resistance of DNS server against DNS poisoning, and also can be a transition before DNSSEC is deployed thoroughly.
Keywords :
Internet; cache storage; computer network security; data privacy; DNS cache poisoning attacks; DNS servers; DNSSEC; IP address; Web URL; Web spoofing; computer network; lead economic losing; privacy leaking; setting time-to-live; source port randomization; Bandwidth; Companies; Computer crime; Computers; IP networks; Servers; Birthday Attack; Cache poisoning; DNS; DNSSEC; SPR; TTL;
Conference_Titel :
Information Technology, Computer Engineering and Management Sciences (ICM), 2011 International Conference on
Conference_Location :
Nanjing, Jiangsu
Print_ISBN :
978-1-4577-1419-1
DOI :
10.1109/ICM.2011.266
