Abstract
Denial of Service (DDoS) attacks both abuse and target core Internet infrastructures and services, including the Domain Name System (DNS). To characterize recent DDoS attacks against authoritative DNS infrastructure, we join two existing data sets – DoS activity inferred from a sizable darknet, and contemporaneous DNS measurement data – for a 17-month period (Nov. 20 - Mar. 22). Our measurements reveal evidence that millions of domains (up to 5% of the DNS namespace) experienced a DoS attack during our observation window. Most attacks did not substantially harm DNS performance, but in some cases we saw 100-fold increases in DNS resolution time, or complete unreachability. Our measurements captured a devastating attack against a large provider in the Netherlands (TransIP), and attacks against Russian infrastructure. Our data corroborates the value of known best practices to improve DNS resilience to attacks, including the use of anycast and topological redundancy in nameserver infrastructure. We discuss the strengths and weaknesses of our data sets for DDoS tracking and impact on the DNS, and promising next steps to improve our understanding of the evolving DDoS ecosystem.
Original language | English |
---|---|
Title of host publication | Proceedings of the 22nd ACM Internet Measurement Conference |
Publisher | Association for Computing Machinery |
Pages | 51-64 |
Number of pages | 14 |
ISBN (Electronic) | 9781450392594 |
DOIs | |
Publication status | Published - 25 Oct 2022 |
Event | 22nd ACM Internet Measurement Conference, IMC 2022 - Nice, France Duration: 25 Oct 2022 → 27 Oct 2022 Conference number: 22 https://conferences.sigcomm.org/imc/2022/ |
Conference
Conference | 22nd ACM Internet Measurement Conference, IMC 2022 |
---|---|
Abbreviated title | IMC 2022 |
Country/Territory | France |
City | Nice |
Period | 25/10/22 → 27/10/22 |
Internet address |