The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
In this paper, we present an environment for the simulation of DRDoS attacks and protection mechanisms against them. The main difficulties of simulating attacks of this type are listed, the ways of their solution in the form of a system approach are shown.
Today DNS servers run on many different applications and operating systems what means there are many options how to protect DNS server. Each regular application has implemented security mechanisms that protect the system from standard attacks. DNS service works on application layer, however it is possible to prevent many threats already on lower layers. This paper deals about DNS security mechanisms...
Botnet-based Distributed Denial of Service (DDoS) attacks are considered as the main concerns and problems of today's Internet. The damage of these attacks are very serious since the number of computers involved in these attacks is huge and distributed worldwide. However, many protocols such as Domain Name System (DNS) have several security vulnerabilities nowadays that are utilized by botnet attackers...
As the largest country code Top Level Domain (ccTLD) name service, .CN receives billions of queries every day. Under the threat of Distributed Denial-of-Service (DDoS) attacks, effective mechanism for client classification is especially important for such busy ccTLD service. In this paper, by analyzing the query log of .CN name service, we propose a novel client classification method based on client...
Domain name system is among the core part of TCP/IP protocol suite and the standard protocol used by the Internet. The domain name system consists of mapped website names with Internet protocol, which facilitates browsing by not requiring users to remember numeric notation addresses. The nature of the system, which involves transferring information in plain text, makes it vulnerable to security attacks...
We present D3NS, a system to replace the current top level DNS system and certificate authorities, offering increased scalability, security and robustness. D3NS is based on a distributed hash table and utilizes a domain name ownership system based on the Bitcoin blockchain. It addresses previous criticism that a DHT would not suffice as a DNS replacement. D3NS provides solutions to current DNS vulnerabilities...
We study the vulnerability in domain name system, so called as "Ghost domain names", which is discovered by Jiang, Liang, Li, Li, Duan and Wu in NDSS 2012. The ghost domain vulnerability allows a malicious domain name to stay resolvable long after it has been removed form the upper level server. Our study examines the feasibility of the ghost domain vulnerability still active and clarifies...
DNS Security Extensions (DNSSEC) became standardized more than 15 years ago, but its adoption is still limited. The recent publication of several new, off-path DNS cache-poisoning and wide-scale man-in-the-middle attacks should motivate DNSSEC adoption. However, significant challenges and pitfalls have resulted in severely limited deployment, which is furthermore often incorrect (and hence vulnerable)...
As one of anti-spam technologies, DNSBL based on the URLs or their corresponding IP addresses in the messages is well used. However, some spam mails cannot be filtered by conventional DNSBLs since the spammers create websites using various techniques such as botnet, fast-flux and Wildcard DNS record. To discriminate such spam mails, we ananalyzed DNS record characteristics corresponding to the domain...
The Domain Name System is a crucial part of the Internet's infrastructure, as it provides basic information that is vital for the proper operation of the Internet. The importance of DNS has caused it to be targeted by malicious attackers who are interested in causing damage and gaining personal benefits. Thus nowadays, DNS faces many security threats such as DNS spoofing and cache poisoning attacks...
The DNS Bandwidth Amplification Attack (BAA) is a distributed denial-of-service attack in which a network of computers floods a DNS server with responses to requests that have never been made. Amplification enters into the attack by virtue of the fact that a small 60-byte request can be answered by a substantially larger response of 4,000 bytes or more in size. We use the PRISM probabilistic model...
We use the probabilistic model checker PRISM to formally model and analyze the highly publicized Kaminsky DNS cache-poisoning attack. DNS (Domain Name System) is an internet-wide, hierarchical naming system used to translate domain names such as google.com into physical IP addresses such as 208.77.188.166. The Kaminsky DNS attack is a recently discovered vulnerability in DNS that allows an intruder...
The Domain Name System (DNS) is a critical fundamental service of the Internet that provides mapping between domain names and IP addresses. In the past few years, distributed denial of service (DDoS) attacks aimed at core DNS servers have caused huge losses. In this paper, we present a simple, practical scheme that can significantly reduce the extent of the DNS DDoS attacks. Firstly, we support that...
Most of the phishing and pharming attacks are directed at the payment and financial services, with the purpose to steal online bank users' card number and password. This paper presents the design and implementation of a DNS based anti-phishing approach, which can be used to protect the card number and the password of the online bank users effectively, and prevent phishers and pharmers from stealing...
Name resolution system is playing an important role in Internet. Owning to original design ill-considerately, DNS has some fate shortcoming. So some researchers propose using flat name resolution to replace it. Until now there are many researches on this function, but few studies on performance. We just do some performance analysis to give a deeper insight into this system. In this paper, we model...
The domain name system is a critical piece of the Internet and supports most Internet applications. Because it's organized in a hierarchy, its correct operation depends on the availability of just a few servers at the hierarchy's upper levels. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.