IETF Logo Mail Archive

[DNSOP] tech report on ' dissecting DNS defenses during DDoS'

"Giovane C. M. Moura" <giovane.moura@sidn.nl> Fri, 01 June 2018 09:11 UTC

Return-Path: <giovane.moura@sidn.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1AC01271FD for <dnsop@ietfa.amsl.com>; Fri, 1 Jun 2018 02:11:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sidn.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vdd4JXJiBGSQ for <dnsop@ietfa.amsl.com>; Fri, 1 Jun 2018 02:11:01 -0700 (PDT)
Received: from arn2-kamx.sidn.nl (kamx.sidn.nl [IPv6:2a00:d78:0:147:94:198:152:69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 681641275AB for <dnsop@ietf.org>; Fri, 1 Jun 2018 02:11:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=sidn.nl; s=sidn-nl; c=relaxed/relaxed; h=to:from:subject:openpgp:autocrypt:message-id:date:user-agent:mime-version:content-type:content-language:content-transfer-encoding:x-originating-ip:x-clientproxiedby; bh=AKHyFvQ1vz2DG647/uijeHpNpP2AOv5xSjkvMq5sKxo=; b=XiA5+tdYlNwPoDKfKg+vPh3taaIA/yxmDM1nmY4v9xZsphFmTLEXXfY4u9+ZYIB88S9/A80WQPQOK4NysaC6vb1awGn7OQdaRa+OAQqnR4FwgE8mpenwyfRpGgTliOAMNgUXHbgLKyytTGDXk3EGUgik6LtHtIDm+y/B+N63xGD/hOmR64kjsCtRWs6KDWtlj73b3lEkjNPN7B8bzqaipxh6i6vcEGz0S/FhZkupuwmq0O0IAI/Ni5YK+XMYXO4juyK/Lm9xSyEPDxKTC2lZi9LlSyt1Ny8WyWTH4b7n3NiuVYZCy08aoa2LCEEru0TrZpX8lNDZPRFmsU+9q65QDQ==
Received: from ka-mbx01.SIDN.local ([192.168.2.177]) by arn2-kamx.sidn.nl with ESMTP id w519AxtB002884-w519AxtD002884 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=CAFAIL) for <DNSOP@ietf.org>; Fri, 1 Jun 2018 11:10:59 +0200
Received: from [94.198.159.133] (94.198.159.133) by ka-mbx01.SIDN.local (192.168.2.177) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Fri, 1 Jun 2018 11:10:58 +0200
To: DNSOP@ietf.org
From: "Giovane C. M. Moura" <giovane.moura@sidn.nl>
Openpgp: preference=signencrypt
Autocrypt: addr=giovane.moura@sidn.nl; prefer-encrypt=mutual; keydata= xsFNBFVMbBUBEADmotiTvkBBFG0mB1WvbaZ7WsiXBYWTUsJn9B8JE1RUGfbKfPRjVxG367g0 L4RMa/fzSspH0jRyxGS4Eys81wLW3Xo28gy7uSqKXVp5Za1SwZpwodXUlZRkdIjRpG/jS9Cp bg2nqKAGQehDtaNP3iR57ZDPfz8MaCLVkbckD2P+qQHQkamoNrPu7MsO6inCYehGsZeR1j17 UNIFXEFrPgZ8gE60tREyoN5dkaaofyt1cwz5pEVmG7q5is7FG9b4SfRxCl5gOX8210xWG6Dj OHn2SAl1r/CG3qotpDIYO4AK3pre1rIXvZ3Eq9Ll6EuigErgOsZ98iBXxs2RPfaz9wmJ8/pV FwIUyw9iBBbyVZjbKlpJIzvNIMKPQ+O+CzHu0TDNAQCUshvYKVXTmplO8qqGTidrA44SvYgY GqUAxwgO0/RCKSbILwr4IfFQ0Y2ZikOqvowfnNlM/JyEDpduj6+poxUH7m1vu94vbz/e86LY /6DJtth1qaHHvbk6MfItpawHjhEa5WnsGObX4M+v6juhmH712mVzNi9BexBBL7aI5LolD9AQ VzYz9yvR/MyLhcnXu8om7+xo13G9excdOoMiVZkSMy5xHK9oOEmLdqWvL81zj5OMSMJ85HVc Q13AuVnwJWYKAzqmuVA04YkaPy7pBeP+qPUjB1rbd8jkBMbvswARAQABzStHaW92YW5lIEMu IE0uIE1vdXJhIDxnaW92YW5lLm1vdXJhQHNpZG4ubmw+wsF4BBMBAgAiBQJVTGwVAhsDBgsJ CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCXBXsdk6xDNsHID/9CQ9puwfvnNC9c2iotF+Bl GkkvcWw+osQCfhUuHIyIeYcG0zFlmEOLFqIbL+zcxHLIkC+FMwKPOv6I9/eKyXTR0NhqM/t6 hV/A9aH0UM/9pp1CFKekjFN4YImvhK1XclSUj03jS5F0yP4vGdpk11OzGF9VkAmAGFXd1yA9 W6AoWhie347iLZuk4x9sX1AnFwgyc35RQQDNZXyG4WSaYYeUk2cCf8e/V+Z9oPQVaN+SjPLM 4N4CsQl3knjC1ntwJzgVCt7U5SAYQhK3WrcWPylpNne8piusZv2T5EMKdkpbRJTS7Yoqf5WX V2N7wedP0jPJqowpicNojznkiEEIaFviCQ7XmJcCrLmSnfTbk29BzzzCdTruJlMz0VG+krzb 48eyihZzkpaqTSl/Sj7s0b2bGNZsNUSzqeT/Ja47vPa5gwnBnH54GveOp1yGdbk2ynQ5VDHC idPjQyWtJ6bWbHxP75DrcifzPOf6+N3kiL/DxGo5K0yffr6XYKKC40cRE1Uhv1KjRhEXf4nV xEB8t1ov2ZdGdTa1UirUfjI7aH/HCdmCp19Q9Ukk+zmr6HSB8CynUEPmfcWjH07fiXtah1BL LTE1maudSwChGKBxOCFqFNHnit68ZHHlDc/ZBj3TnMVQQsFY4hrbzcpILjQ1z1BAzOHfyX+k BXj+zRmDD+Bnzs7BTQRVTGwVARAA1JfQJ5GDL7r3k7+Di0tE0hEmWEAl5YA6oEUfrYLzNXQc PFhHdu9czyBLf3ncKWY+3g+PQSY3bMlV8ExVWqTIJzV0dgQtQGNHbVhaRcoQcWYkFd1POwVO ZdrIEv4CYZkTf1SfkDMxQKpYVr7RdXDa7m4bUySMSs3cvrPPWGver1IzWesd5J1DeCmngd8t UR6oYpF/2/Tvf6kxgCvIj5INGaVlEY4A6Eb0Y3My3zVI7jQYzkxlKp3txYjEb+sHEuwxmWai ZCs0dX82OjDwGMyPt1fJj1fHcYnp8ouIXAhBvaY5jYTJ0qTnm4/YCTDSKIeEWU6YnM6TQ3gN 4J3iI86QznSebGx/6zUS6HZKoXr1eEXBZLFgVgiqPt6v141GDh5vfyKF54eoKeDATTAQxyHm 3D1uyTnXxF5/hAK6mDLCqyvV+HHduZDyQcikyJF1qhaYiMC2awcr8QNuqMZiCu4lMY6+xcR5 5m+P8+QuREdR8zQ+TPEQ1xQfR0bE9Seg/6is70y7b7qSOIzQaaRWL3CmgRpgq1ojdN3hFidW 30HQ0xqM+HjVl6I1ux5FFS+Bz4qx4yhutG8DjEd1Uyvo5elRdCRNrnF+chHyiQPl8KjS/8uo DRZW3Q7z9KALLi52EDEZRCodCYxv0Kp2V0LzK2VJ7+6OFMhipHtTGZla1ztNUKUAEQEAAcLB XwQYAQIACQUCVUxsFQIbDAAKCRCXBXsdk6xDNhaPEACTj+rfzW+0NnQIMF5rLg9AuzDOaHJh CUj5hLL/sX/dXkOreqGBzwXrmvCGPl5qq5bklnpVNkcvyIarB2SbxrZuT8Z+xqCc47B+5AmI bU4XmEPp9Nw5lO0tBWe8p+0usymIlVE0HRGV45sygEowTaHwp4+1xLA9pduYvVHq1onBA22X XH/nxI0r20SeegJQr3RGkdKTDZ+rswlrl+1+FRgA9GcHYKj4IPI911I2DJBydKjzLg+xOulo tOukuDnyTWGz8ubPZIyAgQRFEWKWWEOAFqAZOYy0/8DX4GbON+29e4seIW3Cq4zc+p85km7g T1u+Ape6pQGU4BKcvHbeV7gsh9xTqeyqgTaCf2BF+d2qrWSP0ub0G9gi5f7Bim8CEMCyg4rE BMpIDvUFpKSHPluT/KnigQzfUvXz8lkpOFQL6wSJILSHc63tIfPGR2kRnmjumH49JHlIPIiG RoVQVE/t+TLGsrQqyjIxmtZEqURK1PiPJK0XWMazBNFlfLpk7XjmiyIWLJYpzUAXeNA9Th7R MyZgeP8DYHvVwhSuQPiQWkgMQ5SDw9j+EwhfS3zIlvqHfESYQHyOWR26L8N8s7+Hr3PBfN07 5AxVKWXDlq55TINC+uHIPPFAnpZ7Hr+RUff+gM885KqxD+e0E5uMKP9lUANpf/a2oa3OlU1M /a42dA==
Message-ID: <8d585429-4b31-c339-e488-84d7cd1aa4de@sidn.nl>
Date: Fri, 01 Jun 2018 11:10:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [94.198.159.133]
X-ClientProxiedBy: ka-hubcasn02.SIDN.local (192.168.2.172) To ka-mbx01.SIDN.local (192.168.2.177)
X-FEAS-SPF: 2 / 2, ip=94.198.159.133, helo=, mailFrom=giovane.moura@sidn.nl, headerFrom=giovane.moura@sidn.nl
Authentication-Results: arn2-kamx.sidn.nl; spf=pass (sidn.nl: domain of giovane.moura@sidn.nl designates 94.198.159.133 as permitted sender) smtp.mailfrom=giovane.moura@sidn.nl
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/059Oue9mv_JtY2VuQt3iTIuIxmU>
Subject: [DNSOP] tech report on ' dissecting DNS defenses during DDoS'
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2018 09:11:10 -0000

Folks,

We have a new tech report that analyzes DNS defenses during DDoS atacks
using controlled experiments and production data.
Some of you may find it interesting.

PDF:  https://isi.edu/~johnh/PAPERS/Moura18a.pdf
Ripe Atlas blog:
https://labs.ripe.net/Members/giovane_moura/dissecting-dns-defenses-during-ddos-attacks

thanks,

/giovane

v2.23.0 | Report a Bug | By Email