Detecting DNS Amplification Attacks
作者: Georgios Kambourakis , Tassos Moschos , Dimitris Geneiatakis , Stefanos Gritzalis
DOI: 10.1007/978-3-540-89173-4_16
关键词:
摘要: DNS amplification attacks massively exploit open recursive servers mainly for performing bandwidth consumption DDoS attacks. The effect lies in the fact that response messages may be substantially larger than query messages. In this paper, we present and evaluate a novel practical method is able to distinguish between authentic bogus replies. proposed scheme can effectively protect local acting both proactively reactively. Our analysis corresponding real-usage experimental results demonstrate offers flexible, robust effective solution.
springer.com
columbia.edu 
acm.org 
sci-hub.st 参考文章(18)
Roy Arends, Scott Rose, Dan Massey, Matt Larson, Rob Austein, Resource Records for the DNS Security Extensions RFC. ,vol. 4034, pp. 1- 29 ,(2005)
Peter Reiher, Sven Dietrich, Jelena Mirkovic, David Dittrich, Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security) Prentice Hall PTR. ,(2004)
R. Chandramouli, S. Rose, An integrity verification scheme for DNS zone file based on security impact analysis annual computer security applications conference. pp. 312- 321 ,(2005) , 10.1109/CSAC.2005.9
Rob Austein, Derek Atkins, Threat Analysis of the Domain Name System (DNS) RFC. ,vol. 3833, pp. 1- 16 ,(2004)
P. V. Mockapetris, Domain names - concepts and facilities RFC. ,vol. 1034, pp. 1- 31 ,(1987)
Roy Arends, Scott Rose, Dan Massey, Matt Larson, Rob Austein, Protocol Modifications for the DNS Security Extensions RFC. ,vol. 4035, pp. 1- 53 ,(2005)
Roy Arends, Scott Rose, Dan Massey, Matt Larson, Rob Austein, DNS Security Introduction and Requirements RFC. ,vol. 4033, pp. 1- 21 ,(2005)
Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems ACM Computing Surveys. ,vol. 39, pp. 3- ,(2007) , 10.1145/1216370.1216373
P. Vixie, Extension Mechanisms for DNS (EDNS0) Extension Mechanisms for DNS (EDNS0). ,vol. 2671, pp. 1- 16 ,(1999)
P. V. Mockapetris, Domain names - implementation and specification Domain names - implementation and specification. ,vol. 1035, pp. 1- 55 ,(1987)