• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Analysis of Flooding DoS Attacks Utilizing DNS Name Error Queries

Vol. 6, No.10, October 29, 2012
10.3837/tiis.2012.10.018, Download Paper (Free):

Abstract

The Domain Name System (DNS) is a critical Internet infrastructure that provides name to address mapping services. In the past decade, Denial-of-Service (DoS) attacks have targeted the DNS infrastructure and threaten to disrupt this critical service. While the flooding DoS attacks may be alleviated by the DNS caching mechanism, we show in this paper that flooding DoS attacks utilizing name error queries is capable of bypassing the cache of resolvers and thereby impose overwhelming flooding attacks on the name servers. We analyze the impacts of such DoS attacks on both name servers and resolvers, which are further illustrated by May 19 China’s DNS Collapse. We also propose the detection and defense approaches for protecting DNS servers from such DoS attacks. In the proposal, the victim zones and attacking clients are detected through monitoring the number of corresponding responses maintained in the negative cache. And the attacking queries can be mitigated by the resolvers with a sample proportion adaptive to the percent of queries for the existent domain names. We assess risks of the DoS attacks by experimental results. Measurements on the request rate of DNS name server show that this kind of attacks poses a substantial threat to the current DNS service.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Zheng Wang, "Analysis of Flooding DoS Attacks Utilizing DNS Name Error Queries," KSII Transactions on Internet and Information Systems, vol. 6, no. 10, pp. 2750-2763, 2012. DOI: 10.3837/tiis.2012.10.018

[ACM Style]
Wang, Z. 2012. Analysis of Flooding DoS Attacks Utilizing DNS Name Error Queries. KSII Transactions on Internet and Information Systems, 6, 10, (2012), 2750-2763. DOI: 10.3837/tiis.2012.10.018