Mapping DNS DDOS Vulnerability to Improve Protection and Prevention
Abstract
The main goal of the project was to provide a measurement-based view of the DDoS-related threat landscape facing the Domain Name System (DNS) infrastructure, and to generate actionable intelligence enabling real-world improvements to the resilience of the DNS infrastructure against attacks. The project consisted of two pillars: (1) identifying DNS single points of failure and vulnerabilities and (2) mapping the DNS Distributed Denial of Service (DDoS) ecosystem. The accomplishments of the project include: (1) development of a methodology for detecting anycast prefixes on the global Internet (Manycast2); (2) detailed analysis of the anycast deployment of DNS nameserver infrastructure; (3) development of DNS Attack Stream, a software platform that provides a live view of the impact of spoofed DDoS attacks on the global DNS ecosystem by joining the CAIDA Network Telescope Reflected Spoofed Denial of Service (RSDoS) attack data with live DNS measurements performed by OpenINTEL, an active DNS measurement project; the platform assists with the identification of misconfigurations, vulnerabilities, and attacks; and (4) actionable recommendations for DNS operators. The intelligence and tools generated by the MADDVIPR project aid protection of the DNS and facilitate prevention of attacks against the DNS.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2022
- Accession Number: AD1165550
Entities
People
- Alberto Dainotti
- Anna Sperotto
- Elena Yulaeva
- Kimberly Claffy
- Mattijs Jonker
- Raffaele Sommese
- Roland van Rijswijk-Deij
Organizations
- University of California, San Diego