E-mail senden E-Mail Adresse kopieren
2023-07-03

Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives

Zusammenfassung

Authoritative DNS infrastructures are at the core of the Internet ecosystem. But how resilient are typical authoritative DNS name servers against application-layer Denial-of-Service attacks? In this paper, with the help of a large country-code TLD operator, we assess the expected attack load and DoS countermeasures. We find that standard botnets or even single-homed attackers can overload the computational resources of authoritative name servers—even if redundancy such as anycast is in place. To prevent the resulting devastating DNS outages, we assess how effective upstream filters can be as a last resort. We propose an anomaly detection defense that allows both, well-behaving high-volume DNS resolvers as well as low-volume clients to continue name lookups—while blocking most of the attack traffic. Upstream ISPs or IXPs can deploy our scheme and drop attack traffic to reasonable query loads at or below 100k queries per second at a false positive rate of 1.2 % to 5.7 % (median 2.4 %).

Konferenzbeitrag

IEEE European Symposium on Security and Privacy (EuroS&P)

Veröffentlichungsdatum

2023-07-03

Letztes Änderungsdatum

2024-11-29