Detecting and Mitigating DNS Amplification Attack in Cybersecurity Lab

cybersecurity security and p4 programmable n.w
1 / 13
Embed
Share

Learn how to detect and mitigate DNS amplification attacks in cybersecurity using P4 programmable switches. Understand the Domain Name System's vulnerability to such attacks, the attacker's method, and effective defense strategies. Enhance your knowledge of cybersecurity through practical lab scenarios.

  • Cybersecurity
  • DNS Amplification
  • P4 Switches
  • Lab
  • Security+
rayaanacharya
verben Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cybersecurity (Security+) and P4 Programmable Switches Lab 8: Detecting and Mitigating the DNS Amplification Attack Ali AlSabeh, Jorge Crichigno University of South Carolina http://ce.sc.edu/cyberinfra Western Academy Support and Training Center (WASTC) University of South Carolina (USC) Energy Sciences Network (ESnet) June 22nd, 2023 1

  2. Lab 8: Detecting and Mitigating the DNS Amplification Attack 2

  3. Domain Name System (DNS) The Domain Name System (DNS) is an essential component of the internet It is responsible for translating human- readable domain names into IP addresses that can be understood by devices connected to the internet1 3 HTTP GET/POST sc.edu server 1 2 What is the IP of sc.edu ? IP address sc.edu: 129.252.90.108 DNS resolver 1Amazon, What is DNS? [Online]. Available: https://tinyurl.com/ynb9esn6 3

  4. DNS Amplification Due its frequent use on the Internet, the DNS is susceptible to many attacks DNS amplification is an attack that exploits the infrastructure of the DNS to create a Distributed Denial of Service (DDoS) on a target victim Thus, rendering the victim unresponsive due to the large amount of traffic received DNS server responds to all requests DNS server Victim Attacker starts DNS amplification attack Attacker 4

  5. DNS Amplification In a DNS amplification attach, the attacker sends DNS requests with spoofed source IP address of the target victim The DNS server responds to all the requests and send them to the target victim Typically, a valid response is much larger than the request DNS server responds to all requests DNS server Victim Attacker starts DNS amplification attack Attacker 5

  6. Attack Scenario The amplification attack using the source IP address of the victim The DNS server responds to the DNS requests and sends them to the victim The P4 switch drops all the DNS replies that do not associate with DNS requests issued by the victim The P4 switch forwards legitimate DNS replies requested by the victim attacker performs a DNS Victim sends a DNS query DNS server responds to all requests DNS server Victim P4 switch forwards only the legitimate DNS response Attacker starts DNS amplification attack Attacker 6

  7. DNS Header Fields UDP packets with source or destination port 53 are DNS packets The transaction ID is generated by the client upon sending a DNS request The DNS qr flag indicates that the DNS packet is request (qr=0) or response (qr=1) ID qr opcode aa tc rd ra z rcode Header qdcount Question ancount Answer nscount Authority arcount Additional 7

  8. Lab Topology The topology consists of: Host h1 representing the victim of the DNS amplification attack Host h2 representing the attacker and the DNS resolver Programmable switch s1 that forwards traffic and protects against DNS amplification attack h1 s1 h2 Victim Attacker h1-eth0 s1-eth0 s1-eth1 h2-eth0 10.0.0.1 10.0.0.2 8

  9. DNS Amplification without Mitigation Inspecting resource usage at the victim Performing DNS amplification 9

  10. DNS Amplification Mitigation with P4 Defining DNS header Transitioning and extracting DNS header 10

  11. DNS Amplification Mitigation with P4 Defining a function that computes a unique flow ID based on the 5-tuple (used for DNS requests) Defining a function that computes a unique flow ID based on the 5-tuple (used for DNS replies) 11

  12. DNS Amplification Mitigation with P4 Using the flow ID to retrieve the transaction ID of DNS request saved in a P4 register and comparing it with the transaction ID of the received DNS reply Using the flow ID to save the transaction ID of DNS request in a P4 register 12

  13. DNS Amplification with Mitigation Inspecting resource usage at the victim Performing DNS amplification 13

Related


Roadmap for DNS Load Balancing Service at CERN - HEPiX Autumn 2020 Workshop

Roadmap for DNS Load Balancing Service at CERN - HEPiX Autumn 2020 Workshop

norbert
Network Denial of Service (DoS) Attacks

Network Denial of Service (DoS) Attacks

zahra
Domain Name Service (DNS) in Linux Network Administration

Domain Name Service (DNS) in Linux Network Administration

teey962
Automating DNS Maintenance with Catalog Zones: A New Approach

Automating DNS Maintenance with Catalog Zones: A New Approach

kkai
Domain Name System (DNS) and Content Distribution Networks (CDNs)

Domain Name System (DNS) and Content Distribution Networks (CDNs)

idecl
DNS Forensics & Protection: Analyzing and Securing Network Traffic

DNS Forensics & Protection: Analyzing and Securing Network Traffic

hanish
DNS Performance and Issues in Information-Centric Networks

DNS Performance and Issues in Information-Centric Networks

jennli
DNS Flag Day and EDNS: A Comprehensive Overview

DNS Flag Day and EDNS: A Comprehensive Overview

tri_m
DNS Testing and Signatures Rollover Analysis

DNS Testing and Signatures Rollover Analysis

naif959
Mechanism of Br2 Attack on Trans-Cinnamic Acid

Mechanism of Br2 Attack on Trans-Cinnamic Acid

wzam
DNS Centrality: The Internet's Core Challenge

DNS Centrality: The Internet's Core Challenge

aren_ete
Challenges of DNS Centrality in Internet Infrastructure

Challenges of DNS Centrality in Internet Infrastructure

jessic
The Domain Name System (DNS) Structure

The Domain Name System (DNS) Structure

paj
Proactive Network Protection Through DNS Security Insights

Proactive Network Protection Through DNS Security Insights

rserv
Network Security Fundamentals

Network Security Fundamentals

chae_220
DNS Security Mechanisms

DNS Security Mechanisms

lunau
DNSSEC: Adding Digital Signatures to DNS Responses

DNSSEC: Adding Digital Signatures to DNS Responses

sdaco
DNS Registration: Importance and Process Explained

DNS Registration: Importance and Process Explained

ajas
DNS and Network Address Translation

DNS and Network Address Translation

ahm_mcq
Enhancing Privacy in DNS Zone Exchanges

Enhancing Privacy in DNS Zone Exchanges

aronoff_j
DNS Openness - Exploring the Impact of DNS Regulations on Information Access

DNS Openness - Exploring the Impact of DNS Regulations on Information Access

jeff_83
Social Engineering Attack Framework (SEAF) - Understanding the Process

Social Engineering Attack Framework (SEAF) - Understanding the Process

ito_ime

More Related Content