DNS amplification attack revisited

Bibliographic Details
Published in: Computers & security Vol. 39; pp. 475 - 485
Main Authors: Anagnostopoulos, Marios, Kambourakis, Georgios, Kopanos, Panagiotis, Louloudakis, Georgios, Gritzalis, Stefanos
Format: Journal Article
Language: English
Published: Amsterdam Elsevier Ltd 01-11-2013
Elsevier
Elsevier Sequoia S.A
Description
Summary: It is without doubt that the Domain Name System (DNS) is one of the most decisive elements of the Internet infrastructure; even a slight disruption to the normal operation of a DNS server could cause serious impairment to network services and thus hinder access to network resources. Hence, it is straightforward that DNS nameservers are constantly under the threat of Denial of Service (DoS) attacks. This paper presents a new, stealthy from the attacker's viewpoint, flavor of DNSSEC-powered amplification attack that takes advantage of the vast number of DNS forwarders out there. Specifically, for augmenting the amplification factor, the attacker utilizes only those forwarders that support DNSSEC-related resource records and advertize a large DNS size packet. The main benefits of the presented attack scenario as compared to that of the typical amplification attack are: (a) The revocation of the need of the aggressor to control a botnet, and (b) the elimination of virtually all traces that may be used toward disclosing the attacker's actions, true identity and geographical location. The conducted experiments taking into consideration three countries, namely Greece, Ireland and Portugal demonstrate that with a proper but simple planning and a reasonable amount of resources, a determined perpetrator is able to create a large torrent of bulky DNS packets towards its target. In the context of the present study this is translated to a maximum amplification factor of 44.

• We introduce a new breed of DNS amplification attack.
• The attack relies on DNS forwarders and takes advantage of large DNSSEC RRs.
• The attacker enjoys anonymity.
• We assess the strength of the attack and witnessed a maximum amplification factor of 44.
• We examine the existence of open forwarders in the IP address space of 3 EU countries.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2013.10.001