{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:12:14Z","timestamp":1772039534791,"version":"3.50.1"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030004699","type":"print"},{"value":"9783030004705","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_7","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"139-160","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["DNS Unchained: Amplified Application-Layer DoS Attacks Against DNS Authoritatives"],"prefix":"10.1007","author":[{"given":"Jonas","family":"Bushart","sequence":"first","affiliation":[]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"7_CR1","unstructured":"Andrew: Water torture: a slow drip DNS DDoS attack, February 2014. https:\/\/secure64.com\/water-torture-slow-drip-dns-ddos-attack\/"},{"key":"7_CR2","unstructured":"Antonakakis, M., et al.: Understanding the Mirai Botnet. In: 26th USENIX Security Symposium (2017)"},{"key":"7_CR3","unstructured":"Bellis, R.: Benchmarking DNS reliably on multi-core systems, July 2015. https:\/\/www.isc.org\/blogs\/benchmarking-dns\/"},{"key":"7_CR4","unstructured":"Censys DNS lookup full IPv4 (2017). https:\/\/censys.io\/data\/53-dns-lookup-full_ipv4"},{"key":"7_CR5","doi-asserted-by":"publisher","unstructured":"Crawford, M.: Non-terminal DNS name redirection. Technical report, RFC Editor (1999). https:\/\/doi.org\/10.17487\/RFC2672","DOI":"10.17487\/RFC2672"},{"key":"7_CR6","doi-asserted-by":"publisher","unstructured":"Crocker, D., Hansen, T., Kucherawy, M.S.: Domainkeys identified mail (DKIM) signatures. Technical report, RFC Editor (2011). https:\/\/doi.org\/10.17487\/RFC6376","DOI":"10.17487\/RFC6376"},{"key":"7_CR7","unstructured":"CVE-2008-1447. Available from MITRE, CVE-ID CVE-2008-1447, July 2008. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2008-1447"},{"key":"7_CR8","unstructured":"Dagon, D., Antonakakis, M., Day, K., Luo, X., Lee, C.P., Lee, W.: Recursive DNS architectures and vulnerability implications. In: Proceedings of the Network and Distributed System Security Symposium (2009)"},{"key":"7_CR9","unstructured":"DNSBL information - spam database and blacklist check. https:\/\/www.dnsbl.info\/"},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Dukhovni, V., Hardaker, W.: The DNS-based authentication of named entities (DANE) protocol: updates and operational guidance. Technical report, RFC Editor (2015). https:\/\/doi.org\/10.17487\/RFC7671","DOI":"10.17487\/RFC7671"},{"key":"7_CR11","unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Proceedings of the 22th USENIX Security Symposium (2013)"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Gilad, Y., Herzberg, A., Sudkovitch, M., Goberman, M.: CDN-on-demand: an affordable DDoS defense via untrusted clouds. In: 23rd Annual Network and Distributed System Security Symposium (2016)","DOI":"10.14722\/ndss.2016.23109"},{"key":"7_CR13","unstructured":"Hallam-Baker, P.: RFC Errata for RFC 6844 \u201cDNS Certification Authority Authorization (CAA) Resource Record\u201d. Errata 5065, RFC Editor (2017). https:\/\/www.rfc-editor.org\/errata\/eid5065"},{"key":"7_CR14","unstructured":"Hilton, S.: Dyn analysis summary of friday october 21 attack. https:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/"},{"key":"7_CR15","doi-asserted-by":"publisher","unstructured":"Hoffman, P.E., Schlyter, J.: The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA. Technical report, RFC Editor (2012) https:\/\/doi.org\/10.17487\/RFC6698","DOI":"10.17487\/RFC6698"},{"key":"7_CR16","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 (2008)"},{"key":"7_CR17","unstructured":"Internet Systems Consortium: Pseudo Random DNS Query Attacks & Resolver Mitigation Approaches (2015). https:\/\/www.nanog.org\/sites\/default\/files\/nanog63-dnstrack-winstead-attacks.pdf"},{"key":"7_CR18","unstructured":"Kaminsky, D.: It\u2019s the end of the cache as we know it. Presented at Black Ops (2008)"},{"key":"7_CR19","doi-asserted-by":"publisher","unstructured":"Kitterman, S.: Sender policy framework (SPF) for authorizing use of domains in email, version 1. Technical report, RFC Editor (2014). https:\/\/doi.org\/10.17487\/RFC7208","DOI":"10.17487\/RFC7208"},{"key":"7_CR20","unstructured":"Knot DNS benchmark (2017). https:\/\/www.knot-dns.cz\/benchmark\/"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-319-45719-2_9","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"A Kountouras","year":"2016","unstructured":"Kountouras, A., et al.: Enabling network security through active DNS datasets. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 188\u2013208. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_9"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1007\/978-3-319-26362-5_28","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"L Kr\u00e4mer","year":"2015","unstructured":"Kr\u00e4mer, L., et al.: AmpPot: monitoring and defending against amplification DDoS attacks. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 615\u2013636. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26362-5_28"},{"key":"7_CR23","unstructured":"Kreibich, C., Warfield, A., Crowcroft, J., Hand, S., Pratt, I.: Using packet symmetry to curtail malicious traffic. In: Proceedings of the 4th Workshop on Hot Topics in Networks (Hotnets-VI), College Park, MD, USA (2005)"},{"key":"7_CR24","doi-asserted-by":"publisher","unstructured":"K\u00fchrer, M., Hupperich, T., Bushart, J., Rossow, C., Holz, T.: Going wild: large-scale classification of open DNS resolvers. In: Proceedings of the 2015 ACM Internet Measurement Conference (2015). https:\/\/doi.org\/10.1145\/2815675.2815683","DOI":"10.1145\/2815675.2815683"},{"key":"7_CR25","unstructured":"K\u00fchrer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? Reducing the impact of amplification DDoS attacks. In: Proceedings of the 23rd USENIX Security Symposium (2014)"},{"key":"7_CR26","unstructured":"Lawrence, D., Kumari, W.: Serving stale data to improve DNS resiliency. Internet-Draft draft-ietf-dnsop-serve-stale-00, IETF Secretariat (2017). http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-dnsop-serve-stale-00.txt"},{"key":"7_CR27","unstructured":"Lawrence, T.: Akamai\u2019s DNS contribution to internet resilience. https:\/\/blogs.akamai.com\/2017\/09\/akamais-dns-contribution-to-internet-resiliency.html"},{"key":"7_CR28","unstructured":"Liu, Y., Wang, H.: The Elknot DDoS botnets we watched. Presented at VB2016 Denver. https:\/\/www.virusbulletin.com\/conference\/vb2016\/abstracts\/elknot-ddos-botnets-we-watched"},{"key":"7_CR29","unstructured":"McNally, M.: BIND 9.12.0 release notes. https:\/\/kb.isc.org\/article\/AA-01554\/0\/BIND-9.12.0-Release-Notes.html"},{"key":"7_CR30","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/997150.997156","volume":"34","author":"J Mirkovic","year":"2004","unstructured":"Mirkovic, J., Reiher, P.L.: A taxonomy of DDoS attack and DDoS defense mechanisms. Comput. Commun. Rev. 34, 39\u201353 (2004). https:\/\/doi.org\/10.1145\/997150.997156","journal-title":"Comput. Commun. Rev."},{"key":"7_CR31","doi-asserted-by":"publisher","unstructured":"Mockapetris, P.V.: Domain names - concepts and facilities. Technical report, RFC Editor (1987). https:\/\/doi.org\/10.17487\/RFC1034","DOI":"10.17487\/RFC1034"},{"key":"7_CR32","doi-asserted-by":"publisher","unstructured":"Mockapetris, P.V.: Domain names - implementation and specification. Technical report, RFC Editor (1987). https:\/\/doi.org\/10.17487\/RFC1035","DOI":"10.17487\/RFC1035"},{"key":"7_CR33","doi-asserted-by":"publisher","unstructured":"M\u00fcller, M., Moura, G.C.M., de Oliveira Schmidt, R., Heidemann, J.S.: Recursives in the wild: engineering authoritative DNS servers. In: Proceedings of the 2017 Internet Measurement Conference (2017). https:\/\/doi.org\/10.1145\/3131365.3131366","DOI":"10.1145\/3131365.3131366"},{"key":"7_CR34","unstructured":"Nominum: Vantio cacheserve 7, June 2015. https:\/\/nominum.com\/wp-content\/uploads\/2015\/06\/Vantio-CacheServe7-DataSheet.pdf"},{"key":"7_CR35","unstructured":"OpenDNS SmartCache. https:\/\/www.opendns.com\/opendns-smartcache\/"},{"key":"7_CR36","doi-asserted-by":"crossref","unstructured":"Ferguson, P., Senie, D.: BCP 38 on network ingress filtering: defeating denial of service attacks which employ IP source address spoofing, May 2000. http:\/\/tools.ietf.org\/html\/bcp38","DOI":"10.17487\/rfc2827"},{"key":"7_CR37","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/505659.505664","volume":"31","author":"V Paxson","year":"2001","unstructured":"Paxson, V.: An analysis of using reflectors for distributed denial-of-service attacks. Comput. Commun. Rev. 31, 38\u201347 (2001). https:\/\/doi.org\/10.1145\/505659.505664","journal-title":"Comput. Commun. Rev."},{"key":"7_CR38","unstructured":"Pfeifer, G., Martin, A., Fetzer, C.: Reducible complexity in DNS. In: IADIS International Conference WWW\/Internet 2008 (ICWI 2008) (2008)"},{"key":"7_CR39","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1145\/1514070.1514073","volume":"17","author":"S Ranjan","year":"2009","unstructured":"Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A., Knightly, E.W.: DDoS-shield: DDoS-resilient scheduling to counter application layer attacks. IEEE\/ACM Trans. Netw. 17, 26\u201339 (2009). https:\/\/doi.org\/10.1145\/1514070.1514073","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"7_CR40","doi-asserted-by":"publisher","unstructured":"van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC and its potential for DDoS attacks: a comprehensive measurement study. In: Proceedings of the 2014 Internet Measurement Conference (2014). https:\/\/doi.org\/10.1145\/2663716.2663731","DOI":"10.1145\/2663716.2663731"},{"key":"7_CR41","unstructured":"Risk, V.: Resolver DDoS mitigation. https:\/\/www.isc.org\/blogs\/tldr-resolver-ddos-mitigation\/"},{"key":"7_CR42","unstructured":"Risk, V.: BIND9 performance history, August 2017. https:\/\/www.isc.org\/blogs\/bind9-performance-history\/"},{"key":"7_CR43","doi-asserted-by":"publisher","unstructured":"Rose, S., Wijngaards, W.C.A.: DNAME redirection in the DNS. Technical report, RFC Editor (2012). https:\/\/doi.org\/10.17487\/RFC6672","DOI":"10.17487\/RFC6672"},{"key":"7_CR44","doi-asserted-by":"crossref","unstructured":"Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: 21st Annual Network and Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23233"},{"key":"7_CR45","unstructured":"Shadowserver Foundation: DNSScan Shadowserver Foundation, January 2018. https:\/\/dnsscan.shadowserver.org\/stats\/"},{"key":"7_CR46","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1145\/2499926.2499928","volume":"12","author":"CA Shue","year":"2013","unstructured":"Shue, C.A., Kalafut, A.J.: Resolvers revealed: characterizing DNS resolvers and their clients. ACM Trans. Internet Technol. 12, 14 (2013). https:\/\/doi.org\/10.1145\/2499926.2499928","journal-title":"ACM Trans. Internet Technol."},{"key":"7_CR47","doi-asserted-by":"publisher","first-page":"793","DOI":"10.2197\/ipsjjip.24.793","volume":"24","author":"Y Takeuchi","year":"2016","unstructured":"Takeuchi, Y., Yoshida, T., Kobayashi, R., Kato, M., Kishimoto, H.: Detection of the DNS water torture attack by analyzing features of the subdomain name. JIP 24, 793\u2013801 (2016). https:\/\/doi.org\/10.2197\/ipsjjip.24.793","journal-title":"JIP"},{"key":"7_CR48","unstructured":"Van Nice, B.: Drilling down into DNS DDoS (2015). https:\/\/www.nanog.org\/sites\/default\/files\/nanog63-dnstrack-vannice-ddos.pdf"},{"key":"7_CR49","doi-asserted-by":"publisher","unstructured":"Wang, X., Reiter, M.K.: Mitigating bandwidth-exhaustion attacks using congestion puzzles. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (2004). https:\/\/doi.org\/10.1145\/1030083.1030118","DOI":"10.1145\/1030083.1030118"},{"key":"7_CR50","unstructured":"Weber, R.: Drilling down into DNS DDoS data (2015). https:\/\/indico.dns-oarc.net\/event\/21\/contribution\/29\/material\/slides\/0.pdf"},{"key":"7_CR51","unstructured":"Weinberg, M., Barber, P.: Everyday attacks against Verisign-operated DNS infrastructure (2015). https:\/\/indico.dns-oarc.net\/event\/21\/contribution\/24"},{"key":"7_CR52","doi-asserted-by":"publisher","unstructured":"Xie, Y., Yu, S.: A novel model for detecting application layer DDoS attacks. In: Interdisciplinary and Multidisciplinary Research in Computer Science (2006). https:\/\/doi.org\/10.1109\/IMSCCS.2006.159","DOI":"10.1109\/IMSCCS.2006.159"},{"key":"7_CR53","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1145\/2185376.2185387","volume":"42","author":"Y Yu","year":"2012","unstructured":"Yu, Y., Wessels, D., Larson, M., Zhang, L.: Authority server selection in DNS caching resolvers. Comput. Commun. Rev. 42, 80\u201386 (2012). https:\/\/doi.org\/10.1145\/2185376.2185387","journal-title":"Comput. Commun. Rev."}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T16:37:42Z","timestamp":1571848662000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}