DocumentCode
3362958
Title
A Fair Solution to DNS Amplification Attacks
Author
Kambourakis, Georgios ; Moschos, Tassos ; Geneiatakis, Dimitris ; Gritzalis, Stefanos
Author_Institution
Univ. of the Aegean, Samos
fYear
2007
fDate
27-28 Aug. 2007
Firstpage
38
Lastpage
47
Abstract
Recent serious security incidents reported several attackers employing IP spoofing to massively exploit recursive name servers to amplify DDoS attacks against numerous networks. DNS amplification attack scenarios utilize DNS servers mainly for performing bandwidth consumption DoS attacks. This kind of attack takes advantage of the fact that DNS response messages may be substantially larger than DNS query messages. In this paper we present a novel, simple and practical scheme that enables administrators to distinguish between genuine and falsified DNS replies. The proposed scheme acts proactively by monitoring DNS traffic in real time and alerting security supervisors when necessary. It also acts reactively in co-operation with the firewalls by automatically updating rules to ban bogus packets. Our analysis and the corresponding experimental results show that the proposed scheme offers an effective solution when the specific attack unfolds.
Keywords
IP networks; Internet; computer crime; network servers; telecommunication security; telecommunication traffic; DDoS attacks; DNS amplification attacks; DNS query messages; DNS response messages; IP spoofing; Internet; bandwidth consumption DoS attacks; real time DNS traffic; recursive name servers; serious security incidents; Bandwidth; Communication system security; Computer crime; Information security; Internet; Laboratories; Monitoring; Network servers; Systems engineering and theory; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Digital Forensics and Incident Analysis, 2007. WDFIA 2007. Second International Workshop on
Conference_Location
Samos
Print_ISBN
978-0-7695-2941-7
Type
conf
DOI
10.1109/WDFIA.2007.4299371
Filename
4299371