^ Top

NANOG Meeting Presentation Abstract

Better than Best Practices are Needed to Defeat DNS Amplification Attacks
Meeting: NANOG59
Date / Time: 2013-10-07 3:30pm - 4:00pm
This item is webcast
Room: Akimel Ballroom 3 & 4
Presenters: Speakers:

Ralf Weber, Nominum

Ralf Weber joined Nominum as Senior Infrastructure Architect in January 2010 and is responsible for helping customers to architect and deploy Nominum technology. Prior to joining Nominum he worked at Colt Telecom where he was responsible for their european wide DNS network. He also was on the Technical Advisory Board of DENIC, the worlds largest ccTLD, where he helped bringing DNSSEC to the .de domain. In addition to that he is participating in the IETF and RIPE DNS related working groups, and is an elected Trusted Community Representatives (Backup Recovery Key Share Holder) for the root key management. He lives near Frankfurt with his wife and three kids, which occupy most of his not DNS related free time.
Abstract: They aren't making headlines but DNS amplification attacks continue around the world, attackers with modest skill and resources are substantially stressing network infrastructure. In the past attacks on authoritative DNS servers received attention. Now, attacks using DNS resolvers are evolving and Best Practices - preventing address spoofing, and restricting IP ranges that can access resolvers - are no longer effective.

The current generation of attacks leverages home gateways that forward DNS queries coming in on their WAN interface, masking the origin of queries when they arrive at a resolver. It's unlikely vulnerable home gateways can be updated anytime soon, so this presentation will describe how log data from DNS resolvers can be used to identify attacks and detail proposals for mitigating them without impacting legitimate DNS traffic.
Files: youtubeBetter than Best Practices are Needed to Defeat DNS Amplification Attacks
pdfBetter than Best Practices are Needed...(PDF)
Sponsors: None.

Back to NANOG59 agenda.

NANOG59 Abstracts

  • Datacenter Track
    Moderators:
    Martin HanniganAkamai Technologies, Inc.; .
    Daniel Golding, Iron Mountain;
  • Datacenter Track
    Moderators:
    Martin HanniganAkamai Technologies, Inc.; .
    Daniel Golding, Iron Mountain;

 

^ Back to Top