Speaker
Dr
Casey Deccio
(Brigham Young University)
Description
Domain Name System (DNS) authoritative servers are a critical component of Internet infrastructure, and as such, they are deliberately accessible to any Internet computer, as a means to find the Internet services they wish to access. Such accessibility can attract ill-intended users to use these same servers with malicious intent, a primary example being DNS reflection-based Distributed Denial-of-Service (DDoS) attacks. One preventative measure used to combat DDoS attacks is for DNS operators to enable a rate-limiting mechanism to mitigate the effects of the potential attack. In this talk we present a study of the deployment of DNS rate limiting across authoritative servers for TLDs and many of the popular domains, in an effort to better understand the mechanisms being deployed to protect the DNS and other critical infrastructure. We demonstrate the impact of deployment and its impact, measured as a factor of amplification reduction. An improved understanding of existing defense mechanisms will allow us to propose improvements to the Internet infrastructure that will ultimately yield a more stable and secure internet.
Talk Duration | 30 Minutes |
---|
Primary author
Dr
Casey Deccio
(Brigham Young University)