Lower risk of DDoS with DNSSEC implementation
Domain Name Systems (DNS) is vital to today’s Internet’s infrastructure. Its main objective is to translate human-friendly domain names into a computer-friendly numerical IP address. Unfortunately, DNS cache poisoning attacks are one of the many devastating attacks that DNS suffers from. Domain Name...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/77622 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-77622 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-776222023-07-07T17:21:13Z Lower risk of DDoS with DNSSEC implementation Pek, Jonathan Xiang Sheng Ma Maode School of Electrical and Electronic Engineering DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks DRNTU::Engineering::Computer science and engineering::Software::Software engineering Domain Name Systems (DNS) is vital to today’s Internet’s infrastructure. Its main objective is to translate human-friendly domain names into a computer-friendly numerical IP address. Unfortunately, DNS cache poisoning attacks are one of the many devastating attacks that DNS suffers from. Domain Name Servers Security Extensions (DNSSEC) as one of the many counter-measures to DNS cache poisoning. However, DNSSEC can be exploited by attackers due to another vulnerability, DDoS attacks. In this report, research was done on alternate DNS defence techniques against DNS cache poisoning. Upon analysing the pros and cons of existing solutions, a proposed solution of DNSSECTime was drawn. DNSSECTime is the proposed solutions that pairs up together with DNSSEC to form a concrete defence against DNS cache poisoning and DDoS. DNSSECTime utilises time as a variable to determine if a packet is genuine or otherwise. The value used is the TTL that is found in the IP Header of each packet. Additionally, other variables, capacity of the DNS Server and length of the packet, are taken into account in the decision making. Bachelor of Engineering (Electrical and Electronic Engineering) 2019-06-03T07:13:07Z 2019-06-03T07:13:07Z 2019 Final Year Project (FYP) http://hdl.handle.net/10356/77622 en Nanyang Technological University 42 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks DRNTU::Engineering::Computer science and engineering::Software::Software engineering |
| spellingShingle |
DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks DRNTU::Engineering::Computer science and engineering::Software::Software engineering Pek, Jonathan Xiang Sheng Lower risk of DDoS with DNSSEC implementation |
| description |
Domain Name Systems (DNS) is vital to today’s Internet’s infrastructure. Its main objective is to translate human-friendly domain names into a computer-friendly numerical IP address. Unfortunately, DNS cache poisoning attacks are one of the many devastating attacks that DNS suffers from. Domain Name Servers Security Extensions (DNSSEC) as one of the many counter-measures to DNS cache poisoning. However, DNSSEC can be exploited by attackers due to another vulnerability, DDoS attacks. In this report, research was done on alternate DNS defence techniques against DNS cache poisoning. Upon analysing the pros and cons of existing solutions, a proposed solution of DNSSECTime was drawn. DNSSECTime is the proposed solutions that pairs up together with DNSSEC to form a concrete defence against DNS cache poisoning and DDoS. DNSSECTime utilises time as a variable to determine if a packet is genuine or otherwise. The value used is the TTL that is found in the IP Header of each packet. Additionally, other variables, capacity of the DNS Server and length of the packet, are taken into account in the decision making. |
| author2 |
Ma Maode |
| author_facet |
Ma Maode Pek, Jonathan Xiang Sheng |
| format |
Final Year Project |
| author |
Pek, Jonathan Xiang Sheng |
| author_sort |
Pek, Jonathan Xiang Sheng |
| title |
Lower risk of DDoS with DNSSEC implementation |
| title_short |
Lower risk of DDoS with DNSSEC implementation |
| title_full |
Lower risk of DDoS with DNSSEC implementation |
| title_fullStr |
Lower risk of DDoS with DNSSEC implementation |
| title_full_unstemmed |
Lower risk of DDoS with DNSSEC implementation |
| title_sort |
lower risk of ddos with dnssec implementation |
| publishDate |
2019 |
| url |
http://hdl.handle.net/10356/77622 |
| _version_ |
1772826091261526016 |