Home   >   CSC-OpenAccess Library   >    Manuscript Information
DNS Advanced Attacks and Analysis
Adam Ali.Zare Hudaib, Esra'a Ali Zare Hudaib
Pages - 63 - 74     |    Revised - 31-03-2014     |    Published - 30-04-2014
Volume - 8   Issue - 2    |    Publication Date - April 2014  Table of Contents
DNS, DoS, Cache Poisoning, DNSSEC, DNS Hijacking.
Nowadays DNS is used to load balance, failover, and geographically redirect connections. DNS has become so pervasive it is hard to identify a modern TCP/IP connection that does not use DNS in some way. Unfortunately, due to the reliability built into the fundamental RFC-based design of DNS, most IT professionals don't spend much time worrying about it. If DNS is maliciously attacked — altering the addresses it gives out or taken offline the damage will be enormous. Whether conducted for political motives, financial gain, or just the notoriety of the attacker, the damage from a DNS attack can be devastating for the target.

In this research we will review different DNS advanced attacks and analyze them. We will survey some of the most DNS vulnerabilities and ways of DNS attacks protection.
CITED BY (1)  
1 Pan Lan Lan Yuchi school Biao , Huan Lei , institutions, & statistics . (2015 ) . A rapid assessment authoritative DNS DDoS attacks impact on the way services Computer Application Research , 32 ( 11 ) , 3456-3459
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 TechRepublic 
5 Scribd 
6 SlideShare 
7 PdfSR 
Bau J., Mitchell J., A security evaluation of DNSSEC with NSEC3, Citeseer [May, 2010].
Beverly R and Bauer S, The spoofer project: inferring the extent of source address filtering on the Internet, USENIX workshop on Steps to Reducing Unwanted Traffic on the Internet,2005.272 X. Ye et al. /Journal of Computational Information Systems 9, pp. 265–272 [May,2013].
Dittrich D, Distributed Denial of Service (DDoS) Attacks/tools. Internet:http://staff.washington.edu/dittrich/misc/ddos [Oct, 2012].
Guo Fanglu, Chen Jiawu, Chiueh Tzi-Cker, Spoof detection for preventing DoS attacks against DNS servers, 26th IEEE International Conference on Distributed Computing Systems, ICDCS [Feb, 2006].
H. Yang, H. Luo, Y. Yang, S. Lu, and L. Zhang, “HOURS: Achieving DoS Resilience in an Open Service Hierarchy, ” in Proc. IEEE DSN04 [March, 2004].
Huiming Yu, Xiangfeng Dai, Baxliey T, Xiaohong Yuan, Bassett T, A Visualization Analysis Tool for DNS Amplification Attack, Proceedings of the 2010 3rd International Conference on Biomedical Engineering and Informatics (BMEI 2010) [May, 2010].
ICANN SSAC, SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks.Internet: http://www.icann.org/committees/security/dns-ddos-advisory-31mar06.pdf [Feb,2006].
IPTraf - An IP Network Monitor. Internet: http://iptraf.seul.org/ [Jan, 2014].
K. Rikitake, “A Study of DNS Transport Protocol for Improving the Reliability, ” Ph.D.dissertation, Graduate School of Information Science and Technology, Osaka University[Oct, 2005].
Kambourakis G., Moschos T., Geneiatakis D., Gritzalis S, Detecting DNS Amplification Attacks, Critical Information Infrastructures Security, v(5141), pp. 185 – 196.
Li M, Li J, Zhao W. “Simulation Study of Flood Attacking of DDOS”, Icicse: International Conference on Internet Computing in Science and Engineering, Proceedings [June, 2008].
Li Wei-min, Chen Lu-ying, Lei Zhen-ming, Alleviating the impact of DNS DDoS attacks ,Proceedings of the 2010 2nd International Conference on Networks Security, Wireless Communications and Trusted Computing (NSWCTC 2010), pp. 240-243 [Dec, 2010].
M. de Vivo, G. O. de Vivo, R. Koeneke, and G. Isern, “Internet vulnerabilities related to TCP/IP and T/TCP, ” SIGCOMM Comput. Commun. Rev., vol. 29, no. 1, pp. 81 – 85 [Dec,1999].
S. Murdoch and R. Anderson. “Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication”. Financial Cryptography and Data Security, pp. 42-45 [Jan,2010].
Scalzo F, Recent DNS Reflector Attacks Verisign. Internet: http://www.nanog.org/mtg-0606/pdf/frank-scalzo.pdf [Dec, 2006].
Sen J, A Robust Mechanism for Defending Distributed Denial OF Service Attacks on Web Servers, Arxiv preprint arXiv: 1103.3333 [Jul, 2011].
Singh A, Singh B, Joseph H, Vulnerability Analysis for DNS and DHCP, Vulnerability Analysis and Defense for the Internet, pp. 111-124 [Dec, 2008].
Sun Changhua, Liu Bin, Shi Lei. “Efficient and low-cost hardware defense against DNS amplification attacks”. IEEE Global Telecommunications Conference, GLOBECOM 2008[May, 2008].
The Measurement Factory, Domain name servers: pervasive and critical, yet often overlooked, The Measurement Factory DNS Survey. Internet: http://dns.measurementfactory.com/surveys/sum1.html[Nov, 2005].
V. Paxson, “An analysis of using reflectors for distributed denial-of-service attacks, ”SIGCOMM Comput. Commun.Rev., vol. 31, no. 3, pp. 38 – 47 [May, 2011].
V. Ramasubramanian and E. G. Sirer, “The design and implementation of a next generation name service for the internet, ” SIGCOMM Comput. Commun. Rev., vol. 34, no.4, pp. 331 – 342 [Feb, 2004].
“SSL: Intercepted today, decrypted tomorrow”. Netcraft, pp. 10-12 [May, 2013].
”Denial of Service Attack via ping”. Internet: http://www.cert.org/advisories/CA-1996-26.html [Dec, 1996].
Mr. Adam Ali.Zare Hudaib
Two Mas ltd - Poland
Dr. Esra'a Ali Zare Hudaib
Computer & Engineering Department The Hashemite University Amman . Jordan - Jordan