MADDVIPR: Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention

In collaboration with researchers from the University of Twente, Netherlands, we will perform a comprehensive analysis of DDoS attacks targeting the DNS and assess vulnerabilities that threaten the resilience of the DNS under such attacks.

Sponsored by:
Department of Homeland Security (DHS)

Principal Investigators: kc claffy, Alberto Dainotti

Funding source: FA8750-19-2-0004
Period of performance: November 1, 2018 - January 31, 2022.


Project Summary

The Domain Name System (DNS) is one of the core Internet services. It provides the vital function of translating human-readable domain names into IP addresses and supports most Internet applications, commercial content distribution platforms, and many security services. Distributed Denial of Service (DDoS) attacks against the DNS can therefore have devastating effects.

Rigorous and systematic measurement and analysis are essential for quantifying the risks of DDoS attacks against DNS and the benefits of proposed solutions. In this project we seek to develop and extend tools that generate actionable intelligence to support protecting the DNS against DDoS attacks, including, wherever possible, preventing such attacks before they occur. To attain this objective, we will:

  • perform a systematic analysis of vulnerabilities in the current DNS using comprehensive active DNS measurement data from the OpenINTEL project that covers 60% of the global DNS name space;
  • analyze the DNS DDoS ecosystem, identifying attack sources, targets, and characteristics;
  • synthesize the resulting insights into a coherent unified view that considers both ongoing attacks and current vulnerabilities.

The results of this project will provide recommendations for protective measures that would help to minimize the risk and impact of DDoS attacks as well as yield clear guidance for improving DNS resilience.

Statement of Work

| Task | Description | Outcome | Lead | Date | Status |
|------|-------------|---------|------|------|--------|
| Year 1: Identifying DNS Single-Points-of-Failure Vulnerabilities | | | | | |
| 1.1 | Background research on DNS vulnerabilities | Report | Univ. of Twente | Jan 31, 2019 | done |
| 1.2 | Identify DNS single-points-of-failure | Report | Univ. of Twente | Oct 31, 2019 | done |
| Year 2: Data, DNS Vulnerabilities and the DNS DDoS Ecosystem | | | | | |
| 2.1 | Develop strategies to make OpenINTEL data available via IMPACT | Report | CAIDA | Apr 30, 2020 | done |
| 2.2 | Design and prototype DNSAttackStream | Software | CAIDA | Sep 30, 2020 | done |
| 2.3 | Identify DNS resilience vulnerabilities to DDoS attacks | Report | Univ. of Twente | Apr 30, 2020; Oct 31, 2020 | done |
| Year 3: Designing and Prototyping MADDVIPR | | | | | |
| 3.1 | Describe actionable information to be provided as output | Report | Joint | Jan 31, 2021 | done |
| 3.2 | Design the MADDVIPR framework | Software | Joint | Apr 30, 2021 | done |
| 3.3 | Prototype MADDVIPR | Software | Joint | Oct 31, 2021 | done |
| Year 4: Consolidation and Dissemination of Results | | | | | |
| 4.1 | Write Ph.D. Thesis | Report | Univ. of Twente | Oct 31, 2022 | |
| 4.2 | Provide actionable recommendations for DNS operators | Report | Joint | Jan 15, 2022 | |

Publications


Additional Content

MADDVIPR: Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention - Proposal

The proposal “Mapping DNS DDoS Vulnerabilities to Improve Protection and Prevention”
