Title :
A Fair Solution to DNS Amplification Attacks
Author :
Kambourakis, Georgios ; Moschos, Tassos ; Geneiatakis, Dimitris ; Gritzalis, Stefanos
Author_Institution :
Univ. of the Aegean, Samos
Abstract :
Recent reports of serious security incidents describe several attackers employing IP spoofing to massively exploit recursive name servers to amplify DDoS attacks against numerous networks. DNS amplification attack scenarios utilize DNS servers mainly for performing bandwidth consumption DoS attacks. This kind of attack takes advantage of the fact that DNS response messages may be substantially larger than DNS query messages. In this paper we present a novel, simple and practical scheme that enables administrators to distinguish between genuine and falsified DNS replies. The proposed scheme acts proactively by monitoring DNS traffic in real time and alerting security supervisors when necessary. It also acts reactively in co-operation with the firewalls by automatically updating rules to ban bogus packets. Our analysis and the corresponding experimental results show that the proposed scheme offers an effective solution when the specific attack unfolds.
Keywords :
IP networks; Internet; computer crime; network servers; telecommunication security; telecommunication traffic; DDoS attacks; DNS amplification attacks; DNS query messages; DNS response messages; IP spoofing; bandwidth consumption DoS attacks; real time DNS traffic; recursive name servers; serious security incidents; Bandwidth; Communication system security; Information security; Laboratories; Monitoring; Systems engineering and theory; Web server
Conference_Title :
Digital Forensics and Incident Analysis, 2007. WDFIA 2007. Second International Workshop on
Conference_Location :
Samos
Print_ISBN :
978-0-7695-2941-7
DOI :
10.1109/WDFIA.2007.4299371