The Domain Name System (DNS) resolves domain names to IP addresses and is critical for IP networking. Recent denial-of-service (DoS) attacks on the Internet have targeted the DNS system (e.g., Dyn), with the cascading effect of denying the availability of the services and applications that rely on the targeted DNS. In view of these attacks, we investigate DoS on the DNS system and introduce query-crafting threats, in which the attacker controls the DNS query payload (the domain name) to maximize the threat impact per query (increasing the communications between the DNS servers and the threat's time duration). This is orthogonal to other DoS approaches that increase the attack impact, such as flooding and DNS amplification. We model the DNS system using a state diagram and comprehensively analyze the threat space, identifying threat vectors that include not only random/invalid domains but also those that use the domain-name structure to combine valid strings with random strings. Query-crafting DoS threats generate a new domain-name payload for each query and force increased complexity in DNS query resolution. We test the query-crafting DoS threats by taking empirical measurements on the Internet and show that they amplify the DoS impact on the DNS system (the recursive resolver) by involving more communications and taking a greater time duration. To defend against such DoS or DDoS threats, we identify detection features specific to query-crafting threats and evaluate the defense using our prototype in CloudLab.
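As an added illustration (not code from the paper), the following Python detector computes two per-client features over a constructed resolver query log and flags the two threat vectors the abstract names: fully random domains, and random labels combined with a valid registered domain. The abstract does not state which detection features the authors use; the unique-name ratio and leftmost-label entropy here, and the thresholds, are assumptions chosen for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client, queried name) pairs seen at a recursive resolver.
# These are made-up values, not measurements from the paper.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),           # ordinary client, repeated names
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "cdn.example.net"),
    ("10.0.0.9", "x7qk2lp9zv.biz"),            # vector 1: fully random domains
    ("10.0.0.9", "m3wq8rtz1c.xyz"),
    ("10.0.0.9", "q9zz7pla0s.top"),
    ("10.0.0.9", "k2vv5nx8yq.net"),
    ("10.0.0.7", "a8f3kq2z.example.com"),      # vector 2: random label + valid domain
    ("10.0.0.7", "zt91mw0p.example.com"),
    ("10.0.0.7", "ql7xx2bn.example.com"),
    ("10.0.0.7", "c04rvs9d.example.com"),
]

def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def client_features(queries):
    """Per client: query count, fraction of distinct names (a new payload per
    query drives this towards 1.0, so nothing is served from cache), and mean
    entropy of the leftmost label (random strings score high)."""
    per_client = defaultdict(list)
    for client, name in queries:
        per_client[client].append(name.lower().rstrip("."))
    feats = {}
    for client, names in per_client.items():
        feats[client] = {
            "n_queries": len(names),
            "unique_ratio": len(set(names)) / len(names),
            "mean_label_entropy": sum(label_entropy(n.split(".")[0]) for n in names) / len(names),
        }
    return feats

def flag_query_crafting(queries, min_queries=4, uniq_thresh=0.9, ent_thresh=2.5):
    """Return the set of clients whose queries are (almost) all distinct and whose
    leftmost labels look random. Thresholds are illustrative assumptions."""
    feats = client_features(queries)
    return {c for c, f in feats.items()
            if f["n_queries"] >= min_queries
            and f["unique_ratio"] >= uniq_thresh
            and f["mean_label_entropy"] >= ent_thresh}
```

On the constructed log, both crafting clients are flagged while the ordinary client (repeated, low-entropy names) is not; in practice the thresholds would be tuned against benign resolver traffic.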