Preventing Use of Recursive Nameservers in Reflector Attacks
Authors
Abstract
This document describes ways to prevent the use of default configured recursive nameservers as reflectors in Denial of Service (DoS) attacks. It provides recommended configuration as measures to mitigate the attack.
Similar resources
Solving the DNS Cache Poisoning Problem Without Changing the Protocol
In this paper we propose a solution to the DNS cache poisoning problem, which we called WSEC DNS (Wildcard Secure DNS). Our solution leverages existing properties of the DNS protocol and does not require any changes neither to the DNS protocol itself nor to the DNS resolution software run by nameservers. We propose to take advantage of the definition of wildcards given in RFC 1034 and RFC 4592,...
Identifying Patterns in DNS Traffic
In this research, a visual analytics approach is used on a large set of DNS packet captures to gain insight into ways that authoritative name servers are abused for denial of service attacks. Several tools were developed to identify patterns in DNS queries and responses. These patterns revealed that source port selection by recursive name servers is not uniformly distributed and that attackers ...
A Simple Approach to DNS DoS Defense
We consider DoS attacks on DNS where attackers flood the nameservers of a zone to disrupt resolution of resource records belonging to the zone and consequently, any of its sub-zones. We argue that a minor change in the caching behavior of DNS resolvers can significantly mitigate the impact of such attacks. In our proposal, DNS resolvers do not completely evict cached records whose TTL has expir...
Measuring the Placement of DNS Servers in Top-Level-Domain
DNS is a critical infrastructure of the global Internet. To assure DNS’s efficient and robust operations, each domain, especially each of the Top-Level-Domains (TLDs), should deploy multiple redundant nameservers in diverse locations. To assess the robustness of TLD nameserver deployment regarding the nameserver redundancy and location diversity, we conduct a measurement study by sending specia...
TrickleDNS: A Safety Net for the Domain Name System
This paper presents TrickleDNS, a practical and decentralized system for disseminating DNS data securely. Unlike prior solutions, which depend on the as-yet-undeployed DNSSEC standard to preserve data integrity, TrickleDNS uses a novel security framework that provides resilience from data corruption by compromised servers and denial of service attacks. It is based on the key design principle of ...
Journal title:
- RFC
Volume 5358 Issue
Pages -
Publication date 2008