Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
DNS DDoS Mitigation, via DNS Timer Design Changes
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.ORCID iD: 0000-0003-0593-1253
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.ORCID iD: 0000-0003-0244-3561
2017 (English)In: Future Network Systems and Security: Third International Conference, FNSS 2017, Gainesville, FL, USA, August 31 - September 2, 2017, Proceedings / [ed] Robin Doss, Welwyn Piramuthu, Wei Zhou, Springer, 2017, 43-55 p.Conference paper, Published paper (Refereed)
Abstract [en]

DDoS attacks have been a problem since 2000. In October 2016, there was a major DDoS attack against the service provider Dyn’s DNS service, which took the service down. This was one of the largest bandwidth DDoS attack ever documented, with attack bandwidth over 650 Gbps. By taking down just Dyn’s DNS service, clients could not obtain the IP addresses, of the organizations hosting their DNS with Dyn, such as Twitter. Our contribution is that we have found a way to mitigate the effect of DDoS attacks against DNS services. We only require some very small algorithm changes, in the DNS protocol. More specifically, we propose to add two additional timers. Even if the end DNS clients don’t support these timers, they will receive our new functionality via the DNS resolvers and recursive servers. In summary, our contributions give much more control to the organizations, as to under which specific conditions the DNS cache entries should be aged or used. This allows the organization to (1) much more quickly expire client DNS caches and (2) to mitigate the DDoS DNS attack effects. Our contributions are also helpful to organizations, even if there are no DDoS DNS attack.

Place, publisher, year, edition, pages
Springer, 2017. 43-55 p.
Series
Communications in Computer and Information Science, ISSN 1865-0929 ; 759
Keyword [en]
DDoS bandwidth, DNS protocol, Dyn DNS hosting, Design guidelines, Information Systems
National Category
Computer Science Information Systems
Research subject
Information systems; Mobile and Pervasive Computing
Identifiers
URN: urn:nbn:se:ltu:diva-65265DOI: 10.1007/978-3-319-65548-2_4Scopus ID: 2-s2.0-85028584113ISBN: 978-3-319-65547-5 (print)ISBN: 978-3-319-65548-2 (electronic)OAI: oai:DiVA.org:ltu-65265DiVA: diva2:1135283
Conference
Third International Conference on Future Network Systems and Security (FNSS 2017), Gainesville, FL, August 31 - September 2, 2017
Available from: 2017-08-22 Created: 2017-08-22 Last updated: 2017-11-24Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Booth, ToddAndersson, Karl
By organisation
Computer Science
Computer ScienceInformation Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 75 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf