Lower risk of DDoS with DNSSEC implementation
Domain Name Systems (DNS) is vital to today’s Internet’s infrastructure. Its main objective is to translate human-friendly domain names into a computer-friendly numerical IP address. Unfortunately, DNS cache poisoning attacks are one of the many devastating attacks that DNS suffers from. Domain Name...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/77622 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Domain Name Systems (DNS) is vital to today’s Internet’s infrastructure. Its main objective is to translate human-friendly domain names into a computer-friendly numerical IP address. Unfortunately, DNS cache poisoning attacks are one of the many devastating attacks that DNS suffers from. Domain Name Servers Security Extensions (DNSSEC) as one of the many counter-measures to DNS cache poisoning. However, DNSSEC can be exploited by attackers due to another vulnerability, DDoS attacks. In this report, research was done on alternate DNS defence techniques against DNS cache poisoning. Upon analysing the pros and cons of existing solutions, a proposed solution of DNSSECTime was drawn. DNSSECTime is the proposed solutions that pairs up together with DNSSEC to form a concrete defence against DNS cache poisoning and DDoS. DNSSECTime utilises time as a variable to determine if a packet is genuine or otherwise. The value used is the TTL that is found in the IP Header of each packet. Additionally, other variables, capacity of the DNS Server and length of the packet, are taken into account in the decision making. |
|---|