A matter of degree: characterizing the amplification power of open DNS resolvers

Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

3 Citations (Scopus)
142 Downloads (Pure)

Abstract

Open DNS resolvers are widely misused to bring about reflection and amplification DDoS attacks. Indiscriminate efforts to address the issue and take down all resolvers have not fully resolved the problem, and millions of open resolvers still remain available to date, providing attackers with enough options. This brings forward the question if we should not instead focus on eradicating the most problematic resolvers, rather than all open resolvers indiscriminately. Contrary to existing studies, which focus on quantifying the existence of open resolvers, this paper focuses on infrastructure diversity and aims at characterizing open resolvers in terms of their ability to bring about varying attack strengths. Such a characterization brings nuances to the problem of open resolvers and their role in amplification attacks, as it allows for more problematic resolvers to be identified. Our findings show that the population of open resolvers lies above 2.6M range over our one-year measurement period. On the positive side, we observe that the majority of identified open resolvers cut out when dealing with bulky and DNSSEC-related queries, thereby limiting their potential as amplifiers. We show, for example, that 59% of open resolvers lack DNSSEC support. On the downside, we see that a non-negligible number of open resolvers facilitate large responses to ANY and TXT queries (8.1% and 3.4% on average, respectively), which stands to benefit attackers. Finally we show that by removing around 20% of potent resolvers the global DNS amplification potential can be reduced by up to 80%.
Original languageEnglish
Title of host publicationPassive and Active Network Measurement
Subtitle of host publication23rd International Conference, PAM 2022, Virtual Event, March 28–30, 2022, Proceedings
EditorsOliver Hohlfeld, Giovane Moura, Cristel Pelsser
Place of PublicationCham
PublisherSpringer
Pages293-318
Number of pages26
ISBN (Electronic)978-3-030-98785-5
ISBN (Print)978-3-030-98784-8
DOIs
Publication statusPublished - 21 Mar 2022
Event23rd Passive and Active Measurement Conference, PAM 2022 - Virtual Conference
Duration: 28 Mar 202230 Mar 2022
Conference number: 23
https://pam2022.nl/

Conference

Conference23rd Passive and Active Measurement Conference, PAM 2022
Abbreviated titlePAM 2022
CityVirtual Conference
Period28/03/2230/03/22
Internet address

Keywords

  • 22/4 OA procedure

Fingerprint

Dive into the research topics of 'A matter of degree: characterizing the amplification power of open DNS resolvers'. Together they form a unique fingerprint.

Cite this