A High-Performance, Scalable Infrastructure for Large-Scale Active DNS Measurements

Rijswijk-Deij, Roland van; Jonker, Mattijs; Sperotto, Anna; Pras, Aiko

doi:10.1109/jsac.2016.2558918

Cited by 90 publications

(88 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on previous considerations on the actual temporary loss of use of the victim IP address, in some cases even beyond the attack duration, we explore the impact blackholing may have on the availability of services by considering data from OpenINTEL 18 . OpenINTEL is an active DNS measurements platform [20] that measures daily snapshots of the DNS by querying all domain names under Top-Level Domains (TLDs) for their Resource Records (RRs). This includes IP addresses of: (i) www labels, (ii) mail exchanger (MX), and (iii) authoritative name servers (NS).…”

Section: Blackholed Attacksmentioning

confidence: 99%

“…Of unique MX and NS names, 154 k (0.40% of 38.76 M) and 9994 (0.13% of 7.62 M) map to blackholed prefixes. 20 Infrastructure can be redundantly hosted, i.e., have multiple IP addresses. We investigate this by studying the presence of nonblackholed IP address records and find that, respectively, 87.4%, 98.0% and 98.6% of the names found (cf., ratio in Table 6) do not have an alternative IP address at the time of blackholing.…”

Section: Blackholed Attacksmentioning

confidence: 99%

“…https://openintel.nl/19 The existence of an A RR for the www label is taken as a Web site indicator 20. Multiple domains may share the same infrastructure.…”

mentioning

confidence: 99%

See 2 more Smart Citations

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Jonker

Pras

Dainotti

et al. 2018

Proceedings of the Internet Measurement Conference 2018

Self Cite

View full text Add to dashboard Cite

BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to achieve DoS mitigation. Although empirical evidence of blackholing activities are documented in literature, a clear understanding of how blackholing is used in practice when attacks occur is still missing. This paper presents a first joint look at DoS attacks and BGP blackholing in the wild. We do this on the basis of two complementary data sets of DoS attacks, inferred from a large network telescope and DoS honeypots, and on a data set of blackholing events. All data sets span a period of three years, thus providing a longitudinal overview of operational deployment of blackholing during DoS attacks.

show abstract

Section: Blackholed Attacksmentioning

confidence: 99%

Section: Blackholed Attacksmentioning

confidence: 99%

See 1 more Smart Citation

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

Jonker

Pras

Dainotti

et al. 2018

Proceedings of the Internet Measurement Conference 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…We analysed the impact of domain names that have the terms stresser, booter or ddos in their composition, and are registered within .com, using a large-scale active DNS measurement dataset [95]. We found that of all 2,721 domains names in .com containing one of the three terms, only 61 domain names (less than 3%) are not related to booters.…”

Section: Tlds Operators Domain Registrars Web Hostingmentioning

confidence: 99%

DDoS-as-a-Service

Santanna¹,

Jair²

View full text Add to dashboard Cite

“…To evaluate the potential impact of attacks using Web sites as a measure we need a historical mapping between IP addresses and Web sites hosted. To obtain this mapping we use active DNS measurement data from the OpenINTEL project[20,107].OpenINTEL is a large-scale, active DNS measurement platform that collects daily snapshots of the content of the DNS. It builds snapshots by structurally querying all the domain names under a full zone, i.e., Top-Level Domain (TLD), a set of Resource Records (RRs).…”

mentioning

confidence: 99%

DDoS mitigation: a measurement-based approach

Jonker¹

Self Cite

View full text Add to dashboard Cite

Over the past decades, DoS attacks have rapidly increased in terms of occurrence and intensity, steadily becoming one of the largest threats to the stability and reliability of the Internet. In this thesis we reveal the massive scale of the problem, by showing, among others, that one-third of all /24 networks estimated to be active on the Internet have suffered at least one DoS attack during a recent two-year observation period. 1.3.3 Adoption of Mitigation and Expertise of Users Even though diverse solutions are readily available to mitigate attacks, quantitative knowledge of their adoption on the Internet is limited. In addition, an understanding of how solutions are deployed and operated when operators are faced with attacks featuring differing characteristics is missing. A related challenge stems from the potential disconnect between the ease of setup of mitigation solutions and the expertise of adopting operators. Providers, be it of cloud-based services or on-site appliances, stand to benefit from a low adoption barrier. Often they try to capitalize rapid product (or service) deployment, because that is what companies need in times of crisis (i.e., when attacked). But what exactly does a black box with proprietary algorithms do after it is so easily plugged into a network? While that box may effectively mitigate attacks and 1.4.1 Goal 1: The DoS Phenomenon Research Questions In the first goal we expressed wanting to study the DoS phenomenon on a global, Internet-wide scale. This leads to our first research question: RQ 1: Which data sources on DoS do we need in order to study the DoS phenomenon on a global scale? Are there existing data that we can work with, fuse or derive from? Or do we need to gather new measurements? • M. Jonker and A. Sperotto. Mitigating DDoS Attacks using OpenFlowbased Software Defined Networking. In Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security (AIMS'15). Ghent, Belgium [55]. Chapter 3: Attack Characterization This chapter discusses our first steps towards addressing challenges that pertain to: (i) data availability; and (ii) processing large-scale and diverse data This chapter is based on (part of) the following peer-reviewed publication:

show abstract

A High-Performance, Scalable Infrastructure for Large-Scale Active DNS Measurements

Cited by 90 publications

References 18 publications

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

A First Joint Look at DoS Attacks and BGP Blackholing in the Wild

DDoS-as-a-Service

DDoS mitigation: a measurement-based approach

Contact Info

Product

Resources

About