Measurement of DNS Traffic Caused by DDoS Attacks

Keisuke Ishibashi; Tsuyoshi Toyono; Hirotaka Matsuoka; Katsuyasu Toyama; Masahiro Ishino; Chika Yoshimura; Takehiro Ozaki; Yuichi Sakamoto; Ichiro Mizukoshi

doi:10.1109/SAINTW.2005.80

2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)

Measurement of DNS Traffic Caused by DDoS Attacks

Year: 2005, Pages: 118-121

DOI Bookmark: 10.1109/SAINTW.2005.80

Authors

Keisuke Ishibashi, NTT Corporation
Tsuyoshi Toyono, NTT Corporation
Hirotaka Matsuoka, NTT Corporation
Katsuyasu Toyama, NTT Corporation
Masahiro Ishino, NTT Communications
Chika Yoshimura, NTT Communications
Takehiro Ozaki, NTT Communications
Yuichi Sakamoto, NTT Communications
Ichiro Mizukoshi, NTT Communications

Abstract

We report the measurement results of Domain Name System (DNS) traffic during the periods of DDoS attacks against a Web server. The attack was caused by virus infected machines. We monitored DNS query packets at DNS cache servers of an Japanese ISP, Open Computer Networks (OCN). We especially focused on those sent by the virus to find the IP address of the target web server. By analyzing the measurement results in detail, we found that the DNS configuration change of the authoritative DNS servers of the target site caused a significant increase in the number of queries.We also show how the DNS operators mitigated those queries by changing the configuration of DNS cache servers and authoritative servers.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Alleviating the Impact of DNS DDoS Attacks
Networks Security, Wireless Communications and Trusted Computing, International Conference on
Measurement of DNS Traffic Caused by DDoS Attacks
2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)
Mitigating Client Subnet Leakage in DNS Queries
2018 16th Annual Conference on Privacy, Security and Trust (PST)
Connection-Oriented DNS to Improve Privacy and Security
2015 IEEE Symposium on Security and Privacy (SP)
A proposal of DoH-based domain name resolution architecture including authoritative DNS servers
2022 32nd International Telecommunication Networks and Applications Conference (ITNAC)
A Longitudinal and Comprehensive Measurement of DNS Strict Privacy
IEEE/ACM Transactions on Networking
Anomaly-based Filtering of Application-Layer DDoS Against DNS Authoritatives
2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
A Detection Method Against DNS Cache Poisoning Attacks Using Machine Learning Techniques: Work in Progress
2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)
Detection of Hijacked Authoritative DNS Servers by Name Resolution Traffic Classification
2019 IEEE International Conference on Big Data (Big Data)
Advertising DNS Protocol Use to Mitigate DDoS Attacks
2021 IEEE 29th International Conference on Network Protocols (ICNP)

Measurement of DNS Traffic Caused by DDoS Attacks

Authors

Abstract

Related Articles