Mirrors in the Sky: On the Potential of Clouds in DNS Reflection-based Denial-of-Service Attacks

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-reviewed

4 Citations (Scopus)
47 Downloads (Pure)

Abstract

Clouds are likely to be well-provisioned in terms of network capacity by design. The rapid growth of cloud-based services means an increased availability of network infrastructure for all types of customers. However, it could also give attackers the opportunity to misuse cloud infrastructure to carry out attacks, or to target the cloud infrastructure itself.

In this paper we study, focusing on DNS-based reflection DDoS attacks, how cloud networks can be misused to carry out attacks, with possible consequences for the internal cloud infrastructure itself. A straightforward way to misuse cloud infrastructure would be to host open DNS resolvers in the cloud – a phenomenon that we quantify in the paper. More importantly, we structurally analyze how the internal DNS infrastructure of a cloud can be misused. The novelty of this paper lies in identifying and formalizing six attack models for how DNS cloud infrastructure can be abused to bring about reflection attacks, and testing these increasingly complex and progressively specific models against real cloud providers.

Our findings reveal that a steady average of 12% of open DNS resolvers are hosted in cloud or datacenter networks, which gives them well-provisioned network access. Much more worryingly, our results reveal that a number of providers, several of which are among the market leaders, expose parts of their DNS infrastructure to outsiders, allowing abuse against a provider's infrastructure, its customers, as well as hosts in external networks. In the course of our study, we responsibly disclosed our findings to these providers.
Original language: English
Title of host publication: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses
Place of publication: New York, NY, USA
Publisher: Association for Computing Machinery
Pages: 263-275
Number of pages: 13
ISBN (Electronic): 9781450397049
Publication status: Published - 26 Oct 2022
Event: 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022, Limassol, Cyprus
Duration: 26 Oct 2022 to 28 Oct 2022
Conference number: 25
Internet address: https://raid2022.cs.ucy.ac.cy/

Conference

Conference: 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022
Abbreviated title: RAID 2022
Country/Territory: Cyprus
City: Limassol
Period: 26/10/22 to 28/10/22
Internet address: https://raid2022.cs.ucy.ac.cy/

Keywords

  • cloud networks, DDoS, spoofing, DNS-based reflection
