arming the defenseless an incentive based approach to dns
play

Arming the Defenseless: An Incentive-based Approach to DNS - PowerPoint PPT Presentation

Jul 02, 2023 •206 likes •314 views

Arming the Defenseless: An Incentive-based Approach to DNS Reflection Prevention Casey Deccio, Brigham Young University AIMS 2017 CAIDA, UCSD, La Jolla, CA March 1, 2017 Reflection/Amplification-based DDoS Attack Queries Responses

  1. Arming the Defenseless: An Incentive-based Approach to DNS Reflection Prevention Casey Deccio, Brigham Young University AIMS 2017 CAIDA, UCSD, La Jolla, CA March 1, 2017

  2. Reflection/Amplification-based DDoS Attack Queries Responses ((spoofed)A → B) (B → A) Victim Servers Attackers (Address A) (Globally distributed) (Address B)

  3. DNS Response Rate Limiting (RRL) RRL • Responses rate limited based on: • Frequency of incoming domain name/type/source IP • Responses are small – simply request retry over TCP • Legitimate clients still have a reasonable chance • Weaknesses: • Relies on a threshold • Deals with amplification, but not reflection

  4. DNS Cookies • Server sends cookie to client • Cookie must be included in subsequent requests • Server drops requests from clients that don’t have cookies • Effective for source IP address validation • Weaknesses: • Cannot be effectively enforced www.example.com (NOCOOKIE) COOKIE: 1234 www.example.com (COOKIE:1234) 192.0.2.1 DNS server DNS Client

  5. Source Address Filtering: Best Current Practice 38 (BCP38) • Filter IP packets whose source IP addresses don’t originate in-network • That’s it! Queries ((spoofed)A → B) Victim Servers Attackers (Address A) (Globally distributed) (Address B)

  6. Incentives Increase DNS RRL BCP38 Resources

  7. We either need to incentivize the parties capable of effective solutions or develop effective mechanisms that can be deployed by those with incentive

  8. Network Capability Assertion In a Nutshell • Server enforces source address validation mechanism • on demand; or • all the time • To enforce source address validation • a server performs a lookup of network capabilities; and • ignores requests that don’t validate

  9. Reflection with Enforcement of Source IP Address Validation Queries ((spoofed)A → B) Victim Servers Attackers (Address A) (Globally distributed) (Address B)

  10. Advertising and Detecting Network Capabilities – in the DNS • Publish and lookup in .arpa tree in the DNS arpa • Example: for 192.0.2.1, query the DNS for 2.0.192.in-addr.arpa • Network capabilities specified at 8-bit granularity in-addr • Child inherits default policy from parent 191 192 193 … … • Server assumes defaults until lookup completes 0 2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Incentive-Based Approach to Curbing Automobile Use in the Washington, DC Metropolitan Area

An Incentive-Based Approach to Curbing Automobile Use in the Washington, DC Metropolitan Area

An Incentive-Based Approach to Curbing Automobile Use in the Washington, DC Metropolitan Area Emily Freimuth Daniel Selden Andrew Kimmel Brendan Shera The Problem Urban Sprawl Increased Commuting from Suburbs Via Automobiles Increased

381 views • 34 slides
Looking For A Web Based Incentive Solution? Maxim imiz ize a any poin int o or p plateau

Looking For A Web Based Incentive Solution? Maxim imiz ize a any poin int o or p plateau

Looking For A Web Based Incentive Solution? Maxim imiz ize a any poin int o or p plateau based in incentive, recognit itio ion, s safety or l loyalty program wit ith www www.reward-you ourself.com om Program Overview Each

640 views • 14 slides
Arming the patients immune system to fight cancer 2Q & 1H 2017 presentation August 24 th

Arming the patients immune system to fight cancer 2Q & 1H 2017 presentation August 24 th

Arming the patients immune system to fight cancer 2Q & 1H 2017 presentation August 24 th 2017 www.targovax.com Important notice and disclaimer This report contains certain forward-looking statements based on uncertainty, since they relate

410 views • 25 slides
Arming the patients immune system to fight cancer Pareto Securities 8 th Annual Healthcare

Arming the patients immune system to fight cancer Pareto Securities 8 th Annual Healthcare

Arming the patients immune system to fight cancer Pareto Securities 8 th Annual Healthcare Conference September 7 th 2017 www.targovax.com Important notice and disclaimer This report contains certain forward-looking statements based on

757 views • 24 slides
R&D Tax Incentive - What is in it for advanced manufacturing? 30 th March 2016 Dr Greg Thomas

R&D Tax Incentive - What is in it for advanced manufacturing? 30 th March 2016 Dr Greg Thomas

R&D Tax Incentive - What is in it for advanced manufacturing? 30 th March 2016 Dr Greg Thomas Assistant State Manager AusIndustry - Business Services R&D Tax Incentive Programme Overview A broad-based, market-driven, self assessment

386 views • 11 slides
Split-Ticket Voting: An Implicit Incentive Approach Galina Zudenkova Department of Economics

Split-Ticket Voting: An Implicit Incentive Approach Galina Zudenkova Department of Economics

Introduction Model Efforts Rule Dynamics Empirics Summary Split-Ticket Voting: An Implicit Incentive Approach Galina Zudenkova Department of Economics Universidad Carlos III de Madrid North American Summer Meeting of the Econometric

862 views • 84 slides
Green Energy Program Program & Incentive Revisions Incentive Change Green Energy Fund

Green Energy Program Program & Incentive Revisions Incentive Change Green Energy Fund

Green Energy Program Program & Incentive Revisions Incentive Change Green Energy Fund Backlog Flexibility Market Change - SRECs Cooperation with Renewable Energy Industry Capacity / Performance Based Incentives Extra

145 views • 14 slides
Incentive Programs Incentives Summary Aviation Development Zone (ADZ) Job Growth

Incentive Programs Incentives Summary Aviation Development Zone (ADZ) Job Growth

OEDIT Performance-Based Incentive Programs Incentives Summary Aviation Development Zone (ADZ) Job Growth Incentive Tax Credit (JGITC) Strategic Fund Job Creation Colorado FIRST / Existing Industry Customized Job

108 views • 10 slides
Eligible Hospital (EH) Onboarding Approach for the Meaningful Use (MU) Incentive Program Promise

Eligible Hospital (EH) Onboarding Approach for the Meaningful Use (MU) Incentive Program Promise

Eligible Hospital (EH) Onboarding Approach for the Meaningful Use (MU) Incentive Program Promise Nkwocha, MSc. RHCE New York rk City ity Department of Healt lth and Mental l Hygie iene IN INTRODUCT CTION New York City Department of

625 views • 21 slides
Closing the gender pay gap Arming women with the tools to negotiate their pay, conditions and

Closing the gender pay gap Arming women with the tools to negotiate their pay, conditions and

Closing the gender pay gap Arming women with the tools to negotiate their pay, conditions and employment contracts Agenda Facts & Figures Terms & Conditions Negotiating Your Contract Naomi Hatcher, Rachel Smith, Sarah Atkinson,

797 views • 28 slides
SOL SOLUTION UTION FO FOR R PR PRAWN WN FAR ARMING MING Marcell B. de Carvalho Ridley

SOL SOLUTION UTION FO FOR R PR PRAWN WN FAR ARMING MING Marcell B. de Carvalho Ridley

REC RECIR IRCUL CULATION TION AQU QUACUL CULTURE TURE SY SYSTEM STEM (RAS) (RAS) - A BIOSECUR A BIOSECURITY ITY SOL SOLUTION UTION FO FOR R PR PRAWN WN FAR ARMING MING Marcell B. de Carvalho Ridley Aquafeed OVER VERVI

875 views • 17 slides
Agent based simulation of incentive mechanisms for photovoltaic adoption DISI, University of

Agent based simulation of incentive mechanisms for photovoltaic adoption DISI, University of

Agent based simulation of incentive mechanisms for photovoltaic adoption DISI, University of Bologna Valerio Iachini, Andrea Borghesi , Michela Milano Context Sustainable energy policies Complex issues: rapidly changing environments,

89 views • 8 slides
The Merit-Based Incentive Payment System (MIPS) CONTINUED SHIFT FROM VOLUME TO VALUE presented

The Merit-Based Incentive Payment System (MIPS) CONTINUED SHIFT FROM VOLUME TO VALUE presented

The Merit-Based Incentive Payment System (MIPS) CONTINUED SHIFT FROM VOLUME TO VALUE presented by: AARON ELIAS, MSHA MACRA Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) FFS payment adjustments based on individual

508 views • 28 slides
Andover CAPS BOE Presentation 12/10/19 Big concept Arming students with EXPERIENCES for a

Andover CAPS BOE Presentation 12/10/19 Big concept Arming students with EXPERIENCES for a

Andover CAPS BOE Presentation 12/10/19 Big concept Arming students with EXPERIENCES for a clearer future Short term goals = Success of a long term vision Meet with your Learn and practice Build a network of Engage in authentic network and

654 views • 14 slides
F ARMING & F ORESTRY I N MD Research Supported by the Harry R. Hughes Center for

F ARMING & F ORESTRY I N MD Research Supported by the Harry R. Hughes Center for

Planning.Maryland.gov T HE F UTURE OF S USTAINABLE F ARMING & F ORESTRY I N MD Research Supported by the Harry R. Hughes Center for Agro-Ecology American Farmland Trust, Maryland Department of Planning, and Land Stewardship Solutions LLC

533 views • 21 slides
Comprehensive Primary Care Plus Performance-Based Incentive Payments & Comprehensive Primary

Comprehensive Primary Care Plus Performance-Based Incentive Payments & Comprehensive Primary

Comprehensive Primary Care Plus Performance-Based Incentive Payments & Comprehensive Primary Care Payment APM Fee-for-Service OHP Members October 2017 Presenters Summer Boslaugh Jamal Furqan Transformation Analyst Strategy and Program

500 views • 25 slides
Fiscal Year 2012 Department of Education Budget Request Stakeholder Briefing February 14, 2011

Fiscal Year 2012 Department of Education Budget Request Stakeholder Briefing February 14, 2011

Fiscal Year 2012 Department of Education Budget Request Stakeholder Briefing February 14, 2011 The Presidents Budget Request for the Department of Education Department of Education Discretionary Budget 90.0 80.0 70.0 28.6 60.0 23.2 $

487 views • 11 slides
The Role of DARPA Ed Lazowska History of Computing Autumn 2006 1 Overview of Tire Tracks

The Role of DARPA Ed Lazowska History of Computing Autumn 2006 1 Overview of Tire Tracks

The Role of DARPA Ed Lazowska History of Computing Autumn 2006 1 Overview of Tire Tracks Diagram Shows 19 $1B (or larger) sub-sectors of IT Shows university research (federal funding), industry research (industry or federal

1.02k views • 33 slides
History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in

History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in

IT350 Web and Internet Programming History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in late 1960s by ARPA (Advanced Research Projects Agency of DOD) Networked computer systems of a dozen

335 views • 8 slides
The nftables tutorial Patrick McHardy Pablo Neira Ayuso <kaber@trash.net>

The nftables tutorial Patrick McHardy Pablo Neira Ayuso <kaber@trash.net>

The nftables tutorial Patrick McHardy Pablo Neira Ayuso <kaber@trash.net> <pablo@netfilter.org> Netdev 0.1 February 2015 Ottawa, Canada Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada What is

499 views • 17 slides
Email SMTP - Simple Mail Transfer Protocol RFC 821 POP - Post Office Protocol

Email SMTP - Simple Mail Transfer Protocol RFC 821 POP - Post Office Protocol

Email SMTP - Simple Mail Transfer Protocol RFC 821 POP - Post Office Protocol RFC 1939 Also: RFC 822 Standard for the Format of ARPA Internet Text Messages RFCs 1521, 1522 Mime Netprog: Email Protocols 1

679 views • 25 slides
PBS Documentary Series Nerds 2.0.1: A Brief History of the Internet Watch Part 1. Parts 2 and 3

PBS Documentary Series Nerds 2.0.1: A Brief History of the Internet Watch Part 1. Parts 2 and 3

CS101 Lecture 07: History of the Internet John Magee 9 July 2013 1 PBS Documentary Series Nerds 2.0.1: A Brief History of the Internet Watch Part 1. Parts 2 and 3 are optional. Part 1: Networking the Nerds: Part 1: Networking the Nerds:

345 views • 6 slides
IN WIND ENERGY Wind Power. Redefined. A N EW C ATEGORY OF R ENEWABLE E NERGY :

IN WIND ENERGY Wind Power. Redefined. A N EW C ATEGORY OF R ENEWABLE E NERGY :

A NEW DIRECTION IN WIND ENERGY Wind Power. Redefined. A N EW C ATEGORY OF R ENEWABLE E NERGY : ELECTROHYDRODYNAMIC (EHD) WIND POWER Award $4.9M over 2 years Goals Achieve 10x scale-up and complete first-ever sub-commercial scale

546 views • 9 slides
Hands on tutorial Willem Toorop, NLNet Labs Shumon Huque, Verisign Glen Wiley, Verisign About

Hands on tutorial Willem Toorop, NLNet Labs Shumon Huque, Verisign Glen Wiley, Verisign About

Hands on tutorial Willem Toorop, NLNet Labs Shumon Huque, Verisign Glen Wiley, Verisign About getdns API= a DNS API specification resolving names getdns API= created by and for applications developers getdns = the first

1.39k views • 79 slides

More recommend