Binary Information Press
DNS amplification attacks use IP address spoofing and large numbers of open recursive DNS servers to carry out a bandwidth consumption attack. This kind of attack takes advantage of the fact that DNS response messages may be substantially larger than DNS query messages. In this paper, the authors present a simple and practical method that is able to distinguish between authentic and bogus DNS replies. The proposed scheme acts proactively by monitoring DNS traffic in real time and alerting network administrators when necessary.
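One way real-time monitoring can separate solicited from unsolicited DNS replies, shown as an added example that is not the authors' scheme or code: a reply counts as authentic only if it matches a recently recorded outgoing query, and repeated unmatched replies to one host raise an alert. The matching rule, the `DnsReplyMonitor` class, the thresholds and the event tuples (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict

class DnsReplyMonitor:
    """Records outgoing queries and flags replies that match none of them."""

    def __init__(self, alert_threshold=3, window=10.0, query_ttl=5.0):
        self.pending = {}                  # query key -> time the query was sent
        self.orphans = defaultdict(list)   # destination IP -> times of unmatched replies
        self.alert_threshold = alert_threshold  # assumed: unmatched replies before alerting
        self.window = window                    # assumed: seconds over which they are counted
        self.query_ttl = query_ttl              # assumed: how long a query may await its reply

    def on_query(self, ts, client, server, sport, txid, qname):
        self.pending[(client, server, sport, txid, qname.lower())] = ts

    def on_reply(self, ts, server, client, dport, txid, qname):
        # A reply is solicited only if addresses, port, transaction ID and name all match.
        sent = self.pending.pop((client, server, dport, txid, qname.lower()), None)
        if sent is not None and ts - sent <= self.query_ttl:
            return "authentic"
        # Unmatched (or too late): count it against the host that received it.
        recent = [t for t in self.orphans[client] if ts - t <= self.window]
        recent.append(ts)
        self.orphans[client] = recent
        return "alert" if len(recent) >= self.alert_threshold else "bogus"

# Constructed sample traffic: (kind, time, src IP, dst IP, client port, txid, qname)
EVENTS = [
    ("q", 0.00, "192.0.2.10", "198.51.100.53", 40001, 0x1A2B, "example.com"),
    ("r", 0.02, "198.51.100.53", "192.0.2.10", 40001, 0x1A2B, "example.com"),
    ("r", 1.00, "203.0.113.7", "192.0.2.10", 53124, 0x9999, "example.org"),
    ("r", 1.10, "203.0.113.8", "192.0.2.10", 53124, 0x9999, "example.org"),
    ("r", 1.20, "203.0.113.9", "192.0.2.10", 53124, 0x9999, "example.org"),
]

def classify(events, monitor=None):
    """Feed events to a monitor and return the verdict for each reply, in order."""
    monitor = monitor or DnsReplyMonitor()
    verdicts = []
    for kind, ts, src, dst, port, txid, qname in events:
        if kind == "q":
            monitor.on_query(ts, src, dst, port, txid, qname)
        else:
            verdicts.append(monitor.on_reply(ts, src, dst, port, txid, qname))
    return verdicts

if __name__ == "__main__":
    print(classify(EVENTS))
```
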