Ever since the introduction of the domain name system (DNS), attacks on the DNS ecosystem have been a steady companion. Over time, targets and techniques have shifted, and in the recent past a new type of attack on the DNS has emerged. In this paper we report on the DNS random subdomain attack, querying floods of non-existent subdomains, intended to cause a denial-of-service on DNS servers. Based on five major attacks in 2018 obtained through backscatter measurements in a large network telescope, we show the techniques pursued by adversaries, and develop a taxonomy of strategies of this attack.

Original languageEnglish
Title of host publication2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
Subtitle of host publicationProceedings
Place of PublicationPiscataway
PublisherIEEE
Pages1-5
Number of pages5
ISBN (Electronic)978-1-7281-1542-9
ISBN (Print)978-1-7281-1543-6
DOIs
Publication statusPublished - 2019
Event10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019 - Canary Islands, Spain
Duration: 24 Jun 201926 Jun 2019

Conference

Conference10th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2019
CountrySpain
CityCanary Islands
Period24/06/1926/06/19

    Research areas

  • Cyber threat intelligence, DDoS, DNS, Random subdomain attack

ID: 56764952