Characterizing Optimal DNS Amplification Attacks and Effective Mitigation


School of Computing and Information Systems


Padnos College of Engineering and Computing

Attackers have used DNS amplification in over 34% of high-volume DDoS attacks, with some floods exceeding 300Gbps. The best current practices do not help victims during an attack; they are preventative measures that third-party organizations must employ in advance. Unfortunately, there are no incentives for these third parties to follow the recommendations. While practitioners have focused on reducing the number of open DNS resolvers, these efforts do not address the threat posed by authoritative DNS servers. In this work, we measure and characterize the attack potential associated with DNS amplification, along with the adoption of countermeasures. We then propose and measure a mitigation strategy that organizations can employ. With the help of an upstream ISP, our strategy will allow even poorly provisioned organizations to mitigate massive DNS amplification attacks with only minor performance overheads.

Passive and Active Measurement Conference

New York, NY

