DocumentCode
1679710
Title
Measurement of DNS Traffic Caused by DDoS Attacks
Author
Ishibashi, Keisuke ; Toyono, Tsuyoshi ; Matsuoka, Hirotaka ; Toyama, Katsuyasu ; Ishino, Masahiro ; Yoshimura, Chika ; Ozaki, Takehiro ; Sakamoto, Yuichi ; Mizukoshi, Ichiro
Author_Institution
NTT Corporation
fYear
2005
Firstpage
118
Lastpage
121
Abstract
We report the measurement results of Domain Name System (DNS) traffic during the periods of DDoS attacks against a Web server. The attack was caused by virus infected machines. We monitored DNS query packets at DNS cache servers of an Japanese ISP, Open Computer Networks (OCN). We especially focused on those sent by the virus to find the IP address of the target web server. By analyzing the measurement results in detail, we found that the DNS configuration change of the authoritative DNS servers of the target site caused a significant increase in the number of queries.We also show how the DNS operators mitigated those queries by changing the configuration of DNS cache servers and authoritative servers.
Keywords
Computer crime; Computer networks; Computerized monitoring; Current measurement; Domain Name System; IP networks; Network servers; Telecommunication traffic; Web and internet services; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Applications and the Internet Workshops, 2005. Saint Workshops 2005. The 2005 Symposium on
Print_ISBN
0-7695-2263-7
Type
conf
DOI
10.1109/SAINTW.2005.1619992
Filename
1619992
Link To Document