Characterizing Optimal DNS Amplification Attacks and Effective Mitigation

Authors

Andrew Kalafut, Grand Valley State UniversityFollow
Douglas MacFarland
Craig Shue

Department

School of Computing and Information Systems

College

Padnos College of Engineering and Computing

Date Range

2014-2015

Disciplines

Engineering

Abstract

Attackers have used DNS amplification in over 34% of high- volume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preven- tative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on reducing the number of open DNS resolvers, these efforts do not address the threat posed by authoritative DNS servers. In this work, we measure and characterize the attack potential associated with DNS amplification, along with the adoption of countermeasures. We then propose and measure a mitigation strategy that organizations can employ. With the help of an upstream ISP, our strategy will allow even poorly provisioned organizations to mitigate massive DNS amplification attacks with only minor performance overheads.

Conference Name

Passive and Active Measurement Conference

Conference Location

New York, NY

ScholarWorks Citation

Kalafut, Andrew; MacFarland, Douglas; and Shue, Craig, "Characterizing Optimal DNS Amplification Attacks and Effective Mitigation" (2015). Faculty Scholarly Dissemination Grants. 557.
https://scholarworks.gvsu.edu/fsdg/557