{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T14:43:08Z","timestamp":1780065788894,"version":"3.54.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030987848","type":"print"},{"value":"9783030987855","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-98785-5_13","type":"book-chapter","created":{"date-parts":[[2022,3,21]],"date-time":"2022-03-21T05:02:34Z","timestamp":1647838954000},"page":"293-318","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["A Matter of Degree: Characterizing the Amplification Power of Open DNS Resolvers"],"prefix":"10.1007","author":[{"given":"Ramin","family":"Yazdani","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Roland","family":"van Rijswijk-Deij","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mattijs","family":"Jonker","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Anna","family":"Sperotto","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,3,22]]},"reference":[{"key":"13_CR1","unstructured":"2.5Tbps DDoS Attack on Google. https:\/\/cloud.google.com\/blog\/products\/identity-security\/identifying-and-protecting-against-the-largest-ddos-attacks. Accessed 11 Jan 2022"},{"key":"13_CR2","unstructured":"dnspython. https:\/\/www.dnspython.org\/. Accessed 11 Jan 2022"},{"key":"13_CR3","unstructured":"IP2Location. https:\/\/www.ip2location.com\/. Accessed 11 Jan 2022"},{"key":"13_CR4","unstructured":"MassDNS, A high-performance DNS stub resolver. https:\/\/github.com\/blechschmidt\/massdns. Accessed 11 Jan 2022"},{"key":"13_CR5","unstructured":"Open Resolver Project. https:\/\/web.archive.org\/web\/20200603050044\/http:\/\/openresolverproject.org\/. Accessed 11 Jan 2022"},{"key":"13_CR6","unstructured":"The Measurement Factory. http:\/\/dns.measurement-factory.com\/surveys\/openresolvers.html. Accessed 11 Jan 2022"},{"key":"13_CR7","unstructured":"University of Oregon Route Views Project. http:\/\/www.routeviews.org. Accessed 11 Jan 2022"},{"key":"13_CR8","unstructured":"ZIterate, ZMap IP permutation generator. https:\/\/github.com\/zmap\/zmap\/blob\/main\/src\/ziterate.1.ronn. Accessed 11 Jan 2022"},{"key":"13_CR9","doi-asserted-by":"publisher","unstructured":"Abley, J., Gumundsson, \u00d3., Majkowski, M., Hunt, E.: Providing minimal-sized responses to DNS queries that have QTYPE=ANY. RFC 8482, January 2019. https:\/\/doi.org\/10.17487\/RFC8482, https:\/\/rfc-editor.org\/rfc\/rfc8482.txt","DOI":"10.17487\/RFC8482"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: RFC 4033 - DNS security introduction and requirements (2005). http:\/\/tools.ietf.org\/html\/rfc4033","DOI":"10.17487\/rfc4033"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: RFC 4034 - resource records for the DNS security extensions (2005). http:\/\/tools.ietf.org\/html\/rfc4034","DOI":"10.17487\/rfc4034"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Arends, R., Austein, R., Larson, M., Massey, D., Rose, S.: RFC 4035 - protocol modifications for the DNS security extensions (2005). http:\/\/tools.ietf.org\/html\/rfc4035","DOI":"10.17487\/rfc4035"},{"key":"13_CR13","doi-asserted-by":"crossref","unstructured":"Bonica, R., Baker, F., Huston, G., Hinden, R., Troan, O., Gont, F.: RFC 8900 - IP fragmentation considered fragile (2020). https:\/\/www.rfc-editor.org\/info\/rfc8900","DOI":"10.17487\/RFC8900"},{"key":"13_CR14","unstructured":"Constantin, L.: Attackers use DNSSEC amplification to launch multi-vector DDoS attacks (2016). http:\/\/www.computerworld.com\/article\/3097364\/security\/attackers-use-dnssec-amplification-to-launch-multi-vector-ddos-attacks.html"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Damas, J., Graff, M., Vixie, P.: RFC 6891 - extension mechanisms for DNS (EDNS(0)) (2013). http:\/\/tools.ietf.org\/html\/rfc6891","DOI":"10.17487\/rfc6891"},{"key":"13_CR16","doi-asserted-by":"publisher","unstructured":"Deccio, C., Hilton, A., Briggs, M., Avery, T., Richardson, R.: Behind closed doors: a network tale of spoofing, intrusion, and false DNS security. In: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 65\u201377 (2020). https:\/\/doi.org\/10.1145\/3419394.3423649","DOI":"10.1145\/3419394.3423649"},{"key":"13_CR17","unstructured":"Durumeric, Z., Bailey, M., Halderman, J.A.: An internet-wide view of internet-wide scanning. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 65\u201378 (2014)"},{"key":"13_CR18","unstructured":"Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: Proceedings of the 22nd USENIX Security Symposium, pp. 605\u2013619 (2013)"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Fachkha, C., Bou-Harb, E., Debbabi, M.: Fingerprinting internet DNS amplification DDoS activities. In: 2014 6th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1\u20135. IEEE (2014)","DOI":"10.1109\/NTMS.2014.6814019"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-319-54328-4_2","volume-title":"Passive and Active Measurement","author":"L Hendriks","year":"2017","unstructured":"Hendriks, L., de Oliveira Schmidt, R., van Rijswijk-Deij, R., Pras, A.: On the potential of IPv6 open resolvers for DDoS attacks. In: Kaafar, M.A., Uhlig, S., Amann, J. (eds.) PAM 2017. LNCS, vol. 10176, pp. 17\u201329. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-54328-4_2"},{"key":"13_CR21","unstructured":"Jiang, J., Liang, J., Li, K., Li, J., Duan, H., Wu, J.: Ghost domain names: revoked yet still resolvable (2012)"},{"key":"13_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-030-44081-7_7","volume-title":"Passive and Active Measurement","author":"M Korczy\u0144ski","year":"2020","unstructured":"Korczy\u0144ski, M., Nosyk, Y., Lone, Q., Skwarek, M., Jonglez, B., Duda, A.: Don\u2019t forget to lock the front door! inferring the deployment of source address validation of inbound traffic. In: Sperotto, A., Dainotti, A., Stiller, B. (eds.) PAM 2020. LNCS, vol. 12048, pp. 107\u2013121. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-44081-7_7"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1007\/978-3-319-26362-5_28","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"L Kr\u00e4mer","year":"2015","unstructured":"Kr\u00e4mer, L., et al.: AmpPot: monitoring and defending against amplification DDoS attacks. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 615\u2013636. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26362-5_28"},{"key":"13_CR24","doi-asserted-by":"publisher","unstructured":"K\u00fchrer, M., Hupperich, T., Bushart, J., Rossow, C., Holz, T.: Going wild - large-scale classification of open DNS resolvers. In: Proceedings of the 2015 ACM Internet Measurement Conference - IMC 2015, pp. 355\u2013368. ACM Press, New York (2015). https:\/\/doi.org\/10.1145\/2815675.2815683, http:\/\/dl.acm.org\/citation.cfm?doid= 2815675.2815683","DOI":"10.1145\/2815675.2815683"},{"key":"13_CR25","unstructured":"K\u00fchrer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? Reducing the impact of amplification DDoS attacks. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 111\u2013125 (2014)"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Laurie, B., Sisson, G., Arends, R., Blacka, D.: RFC 5155 - DNS security (DNSSEC) hashed authenticated denial of existence (2008). http:\/\/tools.ietf.org\/html\/rfc5155","DOI":"10.17487\/rfc5155"},{"issue":"2","key":"13_CR27","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1080\/23738871.2017.1362020","volume":"2","author":"E Leverett","year":"2017","unstructured":"Leverett, E., Kaplan, A.: Towards estimating the untapped potential: a global malicious DDoS mean capacity estimate. J. Cyber Policy 2(2), 195\u2013208 (2017)","journal-title":"J. Cyber Policy"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: RFC 1035 - domain names - implementation and specification (1987). http:\/\/tools.ietf.org\/html\/rfc1035","DOI":"10.17487\/rfc1035"},{"key":"13_CR29","unstructured":"Moon, S.J., Yin, Y., Sharma, R.A., Yuan, Y., Spring, J.M., Sekar, V.: Accurately measuring global risk of amplification attacks using AmpMap. Technical report, Technical report CMU-CyLab-19-004 (2020)"},{"key":"13_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"460","DOI":"10.1007\/978-3-030-72582-2_27","volume-title":"Passive and Active Measurement","author":"GCM Moura","year":"2021","unstructured":"Moura, G.C.M., M\u00fcller, M., Davids, M., Wullink, M., Hesselman, C.: Fragmentation, truncation, and timeouts: are large DNS messages falling to bits? In: Hohlfeld, O., Lutu, A., Levin, D. (eds.) PAM 2021. LNCS, vol. 12671, pp. 460\u2013477. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-72582-2_27"},{"key":"13_CR31","doi-asserted-by":"publisher","unstructured":"Nawrocki, M., Jonker, M., Schmidt, T.C., Waehlisch, M.: The far side of DNS amplification: tracing the DDoS attack ecosystem from the internet core. In: Proceedings of the 2021 ACM Internet Measurement Conference (IMC 2021) (2021). https:\/\/doi.org\/10.1145\/3487552.3487835","DOI":"10.1145\/3487552.3487835"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Park, J., Khormali, A., Mohaisen, M., Mohaisen, A.: Where are you taking me? Behavioral analysis of open DNS resolvers. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 493\u2013504. IEEE (2019)","DOI":"10.1109\/DSN.2019.00057"},{"key":"13_CR33","doi-asserted-by":"publisher","unstructured":"Randall, A., et al.: Trufflehunter: cache snooping rare domains at large public DNS resolvers. In: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 50\u201364 (2020). https:\/\/doi.org\/10.1145\/3419394.3423640","DOI":"10.1145\/3419394.3423640"},{"key":"13_CR34","doi-asserted-by":"publisher","unstructured":"van Rijswijk-Deij, R., Sperotto, A., Pras, A.: DNSSEC and its potential for DDoS attacks. In: Proceedings of ACM IMC 2014. ACM Press, Vancouver (2014). https:\/\/doi.org\/10.1145\/2663716.2663731","DOI":"10.1145\/2663716.2663731"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Rossow, C.: Amplification hell: revisiting network protocols for DDoS abuse. In: Proceedings of the 2014 Network and Distributed Systems Security Symposium (NDSS 2014), no. February, pp. 23\u201326. Internet Society, San Diego (2014). http:\/\/www.internetsociety.org\/sites\/default\/files\/01_5.pdf","DOI":"10.14722\/ndss.2014.23233"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Rudman, L., Irwin, B.: Characterization and analysis of NTP amplification based DDoS attacks. In: 2015 Information Security for South Africa (ISSA), pp. 1\u20135. IEEE (2015)","DOI":"10.1109\/ISSA.2015.7335069"},{"key":"13_CR37","doi-asserted-by":"publisher","unstructured":"Santanna, J.J., et al.: Booters - an analysis of DDoS-as-a-service attacks. In: 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 243\u2013251. IEEE, Ottawa, May 2015. https:\/\/doi.org\/10.1109\/INM.2015.7140298","DOI":"10.1109\/INM.2015.7140298"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"van der Toorn, O., Krupp, J., Jonker, M., van Rijswijk-Deij, R., Rossow, C., Sperotto, A.: ANYway: measuring the amplification DDoS potential of domains. In: 2021 17th International Conference on Network and Service Management (CNSM) (2021)","DOI":"10.23919\/CNSM52442.2021.9615596"},{"key":"13_CR39","unstructured":"Vixie, P., Schryver, V.: DNS response rate limiting (DNS RRL). Technical report (2012). https:\/\/web.archive.org\/web\/20160307112057\/, http:\/\/ss.vix.su\/~vixie\/isc-tn-2012-1.txt. Accessed 11 Jan 2022"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Wan, G., et al.: On the origin of scanning: the impact of location on internet-wide scans. In: Proceedings of the ACM Internet Measurement Conference, pp. 662\u2013679 (2020)","DOI":"10.1145\/3419394.3424214"}],"container-title":["Lecture Notes in Computer Science","Passive and Active Measurement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-98785-5_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,23]],"date-time":"2022-03-23T01:01:27Z","timestamp":1647997287000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-98785-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030987848","9783030987855"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-98785-5_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 March 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PAM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Passive and Active Network Measurement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 March 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 March 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pam2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pam2022.nl\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"62","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}