Spoof Detection for Preventing DoS Attacks against DNS Servers


International Research Journal of Engineering and Technology (IRJET)

Volume: 03 Issue: 12 | Dec-2016

e-ISSN: 2395-0056 | p-ISSN: 2395-0072

www.irjet.net

Dr. T. Pandikumar1, Yehenew Mekonen2

1 Ph.D., Department of Computer & IT, College of Engineering, Defence University, Ethiopia

2 M.Tech., Department of Computer & IT, College of Engineering, Defence University, Ethiopia

Abstract - The Domain Name System (DNS) is a hierarchical, decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It is a critical element of the Internet infrastructure and therefore needs a good security mechanism. The DNS service is the basic support of the Internet, and its security plays a vital role in the entire Internet. Even a small part of the DNS infrastructure being unavailable for a very short period of time could potentially upset the entire Internet and is thus totally unacceptable. The original motivation for this seminar is that most solutions are models based on intrusion detection. Unfortunately, because DNS queries and responses are mostly UDP-based, DNS is vulnerable to spoofing-based denial of service (DoS) attacks, which are difficult to defeat without incurring significant collateral damage. The key to preventing this type of DoS attack is spoof detection, which enables selective discarding of spoofed DNS requests without jeopardizing the quality of service to legitimate requests. This seminar presents a comprehensive study of spoof detection strategies for protecting DNS servers from DoS attacks. These strategies all create some form of cookie for a DNS server to check whether each incoming request is indeed from where the request packet says it is from, but they vary in performance overhead, transparency and deployment complexity. All of them were implemented as a firewall module called DNS guard. Measurements on the current DNS guard prototype show that it can deliver up to 80K requests/sec to legitimate users in the presence of DoS attacks at the rate of 250K requests/sec.

Keywords: DNS spoof detection, Defense against spoofing-based DNS, DoS attacks, ANS, DDoS

1. INTRODUCTION

The Domain Name System (DNS) is a critical component of the Internet infrastructure, because most network services and applications require a translation step from domain name to IP address just to send packets out. As a result, even a small part of the DNS infrastructure being unavailable for a short period of time could have a significant rippling effect on the rest of the Internet. However, common DNS queries and responses use UDP as their transport protocol. The combination of the simplicity of the DNS protocol and its use of UDP makes DNS extremely vulnerable to spoofing-based Denial of Service (DoS) attacks. Unlike TCP, UDP does not use a three-way handshake procedure to start a connection and therefore has no way to be sure that a UDP packet indeed comes from where the packet's source address indicates. Worse yet, a DNS server only sees one UDP query and replies with one UDP response for most DNS interactions. Therefore it is not possible for a DNS server to ascertain the identity of the requesting host at the DNS level, either.

A denial-of-service attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers [6]. There are two possible DoS attack strategies against DNS servers. The first is to send a large number of requests to a DNS server to overload it.

There are several spoof detection strategies, all of them implemented in a firewall module called DNS guard. DNS Guard is a family of DNS-based security services that protects your network and

© 2016, IRJET | Impact Factor value: 4.45 | ISO 9001:2008 Certified Journal | Page 45
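The cookie check described in the abstract, as an added example that is not taken from the paper or from the DNS guard prototype. The HMAC-SHA256 construction, the 8-byte cookie, the 300-second key rotation and the names CookieGuard, issue, verify and filter are assumptions made for illustration; how the cookie is carried inside DNS traffic is left out because the page does not describe it.

```python
import hashlib
import hmac
import ipaddress
import os

COOKIE_LEN = 8        # assumed: bytes of the MAC kept as the cookie
EPOCH_SECONDS = 300   # assumed: how often the signing key rotates


class CookieGuard:
    """Hypothetical stateless source-address cookie check for a DNS front end."""

    def __init__(self, epoch_seconds=EPOCH_SECONDS):
        self.epoch_seconds = epoch_seconds
        self._master = os.urandom(32)  # secret known only to the guard

    def _epoch_key(self, epoch):
        # Per-epoch key, so a cookie stops verifying after about two epochs.
        return hmac.new(self._master, epoch.to_bytes(8, "big"),
                        hashlib.sha256).digest()

    def _cookie(self, src_ip, epoch):
        # Bind the cookie to the claimed source address (IPv4 or IPv6).
        addr = ipaddress.ip_address(src_ip).packed
        mac = hmac.new(self._epoch_key(epoch), addr, hashlib.sha256)
        return mac.digest()[:COOKIE_LEN]

    def issue(self, src_ip, now):
        """Cookie to send back to the address the request claims to be from."""
        return self._cookie(src_ip, int(now) // self.epoch_seconds)

    def verify(self, src_ip, cookie, now):
        """True only if the cookie was issued to src_ip in a recent epoch."""
        epoch = int(now) // self.epoch_seconds
        # Accept the previous epoch too, so key rotation does not drop clients.
        return any(
            hmac.compare_digest(cookie, self._cookie(src_ip, e))
            for e in (epoch, epoch - 1) if e >= 0
        )

    def filter(self, src_ip, cookie, now):
        """Per-request decision: 'forward' to the DNS server or 'challenge'."""
        if cookie is not None and self.verify(src_ip, cookie, now):
            return "forward"    # sender can receive traffic at src_ip
        return "challenge"      # answer with a cookie only; no per-client state
```

A host that forges its source address never receives the cookie sent to that address, so its requests stay in the challenge path and are never forwarded to the DNS server, while the guard itself stores nothing per client.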

