DDoS攻击导致的DNS流量统计

2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops) Pub Date : 2005-01-31 DOI:10.1109/SAINTW.2005.80

K. Ishibashi, Tsuyoshi Toyono, H. Matsuoka, Katsuyasu Toyama, Masahiro Ishino, C. Yoshimura, T. Ozaki, Y. Sakamoto, I. Mizukoshi

{"title":"DDoS攻击导致的DNS流量统计","authors":"K. Ishibashi, Tsuyoshi Toyono, H. Matsuoka, Katsuyasu Toyama, Masahiro Ishino, C. Yoshimura, T. Ozaki, Y. Sakamoto, I. Mizukoshi","doi":"10.1109/SAINTW.2005.80","DOIUrl":null,"url":null,"abstract":"We report the measurement results of Domain Name System (DNS) traffic during the periods of DDoS attacks against a Web server. The attack was caused by virus infected machines. We monitored DNS query packets at DNS cache servers of an Japanese ISP, Open Computer Networks (OCN). We especially focused on those sent by the virus to find the IP address of the target web server. By analyzing the measurement results in detail, we found that the DNS configuration change of the authoritative DNS servers of the target site caused a significant increase in the number of queries.We also show how the DNS operators mitigated those queries by changing the configuration of DNS cache servers and authoritative servers.","PeriodicalId":220913,"journal":{"name":"2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Measurement of DNS Traffic Caused by DDoS Attacks\",\"authors\":\"K. Ishibashi, Tsuyoshi Toyono, H. Matsuoka, Katsuyasu Toyama, Masahiro Ishino, C. Yoshimura, T. Ozaki, Y. Sakamoto, I. Mizukoshi\",\"doi\":\"10.1109/SAINTW.2005.80\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We report the measurement results of Domain Name System (DNS) traffic during the periods of DDoS attacks against a Web server. The attack was caused by virus infected machines. We monitored DNS query packets at DNS cache servers of an Japanese ISP, Open Computer Networks (OCN). We especially focused on those sent by the virus to find the IP address of the target web server. By analyzing the measurement results in detail, we found that the DNS configuration change of the authoritative DNS servers of the target site caused a significant increase in the number of queries.We also show how the DNS operators mitigated those queries by changing the configuration of DNS cache servers and authoritative servers.\",\"PeriodicalId\":220913,\"journal\":{\"name\":\"2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-01-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SAINTW.2005.80\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SAINTW.2005.80","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

我们报告了针对Web服务器的DDoS攻击期间域名系统(DNS)流量的测量结果。这次攻击是由受病毒感染的机器引起的。我们在一家日本ISP，开放计算机网络(OCN)的DNS缓存服务器上监控DNS查询数据包。我们特别关注那些由病毒发送的，以找到目标web服务器的IP地址。通过对测量结果的详细分析，我们发现目标站点权威DNS服务器的DNS配置变化导致查询数量明显增加。我们还展示了DNS运营商如何通过更改DNS缓存服务器和授权服务器的配置来减少这些查询。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Measurement of DNS Traffic Caused by DDoS Attacks

We report the measurement results of Domain Name System (DNS) traffic during the periods of DDoS attacks against a Web server. The attack was caused by virus infected machines. We monitored DNS query packets at DNS cache servers of an Japanese ISP, Open Computer Networks (OCN). We especially focused on those sent by the virus to find the IP address of the target web server. By analyzing the measurement results in detail, we found that the DNS configuration change of the authoritative DNS servers of the target site caused a significant increase in the number of queries.We also show how the DNS operators mitigated those queries by changing the configuration of DNS cache servers and authoritative servers.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops)

自引率

0.00%

发文量