DoS packet filter using DNS information

Abstract

A DoS (denial of service) attack is one of the most serious threats in the Internet. It is important to protect the resources and services from the DoS attack, but it is difficult to distinguish normal traffic and DoS attack traffic because the DoS attackers generally hide their true identities/origins. In this paper, we propose a technique to reduce the influence of the DoS attack without disturbing the demand of the regular users by allocating the information, when DoS attack occurs, to the filtering rules. This can be done by using DNS request replies.