Dark Side of the DNS Force
us-16-Wu-Dark-Side-Of-The-DNS-Force
Impact
• Attacking target domain’s authoritative name servers
• Collateral damages of DNS resolvers along the path
• Enablers:
  • Subdomain generator
  • (optional) Open resolvers
  • (optional) Spoofed sending addresses
[Diagram labels: Resolver; Resolver; "what is IP address of victim.com?"; victim’s name server; victim.com.]
Operation Disruption
Authoritative name server often serves more than one domain, so does DNS resolver (cache/recursive)
A major ISP operation may be taken down by small-scale subdomain attacks
• 2gbps vs 300gbps
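A resolver-side check for the subdomain attack outlined above, added here as an example and not taken from the original slides: it flags registered domains that receive many distinct subdomain names which mostly fail to resolve. The log format, the thresholds, the function names and the use of NXDOMAIN/SERVFAIL as the failure signal are assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log (assumed format: "client qname rcode").
SAMPLE_LOG = """\
198.51.100.7 www.example.org. NOERROR
198.51.100.7 mail.example.org. NOERROR
198.51.100.9 www.example.org. NOERROR
203.0.113.5 a8f3kq.victim.com. NXDOMAIN
203.0.113.5 zq91lm.victim.com. NXDOMAIN
203.0.113.8 p0x7tt.victim.com. NXDOMAIN
203.0.113.8 k2j4hd.victim.com. SERVFAIL
203.0.113.9 m5n6bv.victim.com. NXDOMAIN
203.0.113.9 r7w8yc.victim.com. NXDOMAIN
198.51.100.7 www.victim.com. NOERROR
"""

FAIL_RCODES = {"NXDOMAIN", "SERVFAIL"}  # assumed failure signal

def registered_domain(qname, labels=2):
    """Naive last-N-labels split (assumption; production code needs the Public Suffix List)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def flag_subdomain_floods(log_text, min_unique=5, min_fail_ratio=0.8):
    """Return {domain: (unique_names, fail_ratio)} for domains that look flooded."""
    names = defaultdict(set)
    total = defaultdict(int)
    failed = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _client, qname, rcode = fields
        dom = registered_domain(qname)
        names[dom].add(qname.lower())
        total[dom] += 1
        if rcode in FAIL_RCODES:
            failed[dom] += 1
    flagged = {}
    for dom in total:
        ratio = failed[dom] / total[dom]
        if len(names[dom]) >= min_unique and ratio >= min_fail_ratio:
            flagged[dom] = (len(names[dom]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(flag_subdomain_floods(SAMPLE_LOG))
```

Grouping by registered domain rather than by client matters here because the slides list open resolvers and spoofed sending addresses as optional enablers, so the source address is not a reliable key.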
- Page 1 and 2: Dark Side of the DNS Force ERIK WU