Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks

Free registration required

Executive Summary

DNS amplification attacks utilize IP address spoofing and large numbers of open recursive DNS servers to perform the bandwidth consumption attack. During an attack, it ceaselessly fabricates DNS queries to the exploited open recursive DNS servers, and all the responses, often with larger size than the query messages, are reflected to the single victim due to the source IP address spoofing. While it is difficult to defend against this attack from the root causes by eliminating the open recursive DNS servers and IP spoofing for the whole Internet, this paper takes a different methodology to defend against it at the leaf router of victim's ISP or organization. The paper proposes an efficient and low-cost hardware approach to first detect the DNS amplification attack accurately and responsively.

  • Format: PDF
  • Size: 135.5 KB