{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T12:37:35Z","timestamp":1779194255490,"version":"3.51.4"},"reference-count":35,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2019,1,28]],"date-time":"2019-01-28T00:00:00Z","timestamp":1548633600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2019,1,28]]},"abstract":"<jats:p>Distributed Denial-of-Service (DDoS) attacks continue to pose a serious threat to the availability of Internet services. The Domain Name System (DNS) is part of the core of the Internet and a crucial factor in the successful delivery of Internet services. Because of the importance of DNS, specialist service providers have sprung up in the market, that provide managed DNS services. One of their key selling points is that they protect DNS for a domain against DDoS attacks. But what if such a service becomes the target of a DDoS attack, and that attack succeeds?<\/jats:p>\n          <jats:p>In this paper we analyse two such events, an attack on NS1 in May 2016, and an attack on Dyn in October 2016. We do this by analysing the change in the behaviour of the service's customers. For our analysis we leverage data from the OpenINTEL active DNS measurement system, which covers large parts of the global DNS over time. Our results show an almost immediate and statistically significant change in the behaviour of domains that use NS1 or Dyn as a DNS service provider. We observe a decline in the number of domains that exclusively use NS1 or Dyn as a managed DNS service provider, and see a shift toward risk spreading by using multiple providers. While a large managed DNS provider may be better equipped to protect against attacks, these two case studies show they are not impervious to them. This calls into question the wisdom of using a single provider for managed DNS. Our results show that spreading risk by using multiple providers is an effective countermeasure, albeit probably at a higher cost.<\/jats:p>","DOI":"10.1145\/3310165.3310175","type":"journal-article","created":{"date-parts":[[2019,1,29]],"date-time":"2019-01-29T13:16:22Z","timestamp":1548767782000},"page":"70-76","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["Measuring the impact of a successful DDoS attack on the customer behaviour of managed DNS service providers"],"prefix":"10.1145","volume":"48","author":[{"given":"Abhishta","family":"Abhishta","sequence":"first","affiliation":[{"name":"University of Twente, Enschede, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Roland","family":"van Rijswijk-Deij","sequence":"additional","affiliation":[{"name":"University of Twente and SURFnet bv, Enschede, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lambert J. M.","family":"Nieuwenhuis","sequence":"additional","affiliation":[{"name":"University of Twente, Enschede, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,1,28]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"2015. Worldwide Infrastructure Security Report Arbor Networks.  2015. Worldwide Infrastructure Security Report Arbor Networks."},{"key":"e_1_2_1_2_1","unstructured":"2016. Worldwide Infrastructure Security Report Arbor Networks.  2016. Worldwide Infrastructure Security Report Arbor Networks."},{"key":"e_1_2_1_3_1","unstructured":"2017. Worldwide Infrastructure Security Report Arbor Networks.  2017. Worldwide Infrastructure Security Report Arbor Networks."},{"key":"e_1_2_1_4_1","volume-title":"2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP). IEEE Press.","author":"Joosten Reinoud"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1177\/014920630102700601"},{"key":"e_1_2_1_6_1","unstructured":"Kris Beevers. 2016. A note from NS1's CEO: How we responded to last weeks's major multi-faceted DDoS Attacks. Blog. http:\/\/ns1.com\/blog\/how-we-responded-to-last-weeks-major-multi-faceted-ddos-attacks  Kris Beevers. 2016. A note from NS1's CEO: How we responded to last weeks's major multi-faceted DDoS Attacks. Blog. http:\/\/ns1.com\/blog\/how-we-responded-to-last-weeks-major-multi-faceted-ddos-attacks"},{"key":"e_1_2_1_7_1","unstructured":"Rich Bolstridge. 2016. Dyn DDoS Attack: Wide-Spread Impact Across the Financial Services Industry (Part 1). Blog. https:\/\/blogs.akamai.com\/2016\/10\/dyn-ddos-attack-wide-spread-impact-across-the-financial-services-industry-part-1.html  Rich Bolstridge. 2016. Dyn DDoS Attack: Wide-Spread Impact Across the Financial Services Industry (Part 1). Blog. https:\/\/blogs.akamai.com\/2016\/10\/dyn-ddos-attack-wide-spread-impact-across-the-financial-services-industry-part-1.html"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1080\/10864415.2004.11044320"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0022-4359(00)00028-2"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30505-9_24"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.techfore.2014.08.002"},{"key":"e_1_2_1_12_1","unstructured":"Scott Hilton. 2016. Dyn Analysis Summary Of Friday October 21 Attack. Blog. https:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/  Scott Hilton. 2016. Dyn Analysis Summary Of Friday October 21 Attack. Blog. https:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack\/"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131383"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987487"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_28"},{"key":"e_1_2_1_16_1","unstructured":"Brian Krebs. 2016. KrebsOnSecurity Hit With Record DDoS. https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/  Brian Krebs. 2016. KrebsOnSecurity Hit With Record DDoS. https:\/\/krebsonsecurity.com\/2016\/09\/krebsonsecurity-hit-with-record-ddos\/"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11747-008-0131-z"},{"key":"e_1_2_1_18_1","first-page":"13","article-title":"Event Studies in Economics and Finance","volume":"35","author":"MacKinlay A. Craig","year":"1997","journal-title":"Journal of Economic Literature"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/997150.997156"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1132026.1132027"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987446"},{"key":"e_1_2_1_23_1","unstructured":"Pierluigi Paganini. {n. d.}. ProtonMail paid a $6000 Ransom to stop DDoS AttacksSecurity Affairs. http:\/\/securityaffairs.co\/wordpress\/41775\/cyber-crime\/protonmail-paid-ransom-ddos.html  Pierluigi Paganini. {n. d.}. ProtonMail paid a $6000 Ransom to stop DDoS AttacksSecurity Affairs. http:\/\/securityaffairs.co\/wordpress\/41775\/cyber-crime\/protonmail-paid-ransom-ddos.html"},{"key":"e_1_2_1_24_1","volume-title":"Ziggo: More Cyber Attacks Expected. Blog. https:\/\/nltimes.nl\/2015\/08\/20\/ziggo-cyber-attacks-expected","author":"Pieters Janene","year":"2015"},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Thomas J Rothenberg. 1984. Approximating the distributions of econometric estimators and test statistics. Handbook of econometrics 2 (1984) 881--935.  Thomas J Rothenberg. 1984. Approximating the distributions of econometric estimators and test statistics. Handbook of econometrics 2 (1984) 881--935.","DOI":"10.1016\/S1573-4412(84)02007-9"},{"key":"e_1_2_1_26_1","volume-title":"2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM). 243--251","author":"Santanna J. J."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Abraham Savitzky and Marcel JE Golay. 1964. Smoothing and differentiation of data by simplified least squares procedures. Analytical chemistry 36 8 (1964) 1627--1639.  Abraham Savitzky and Marcel JE Golay. 1964. Smoothing and differentiation of data by simplified least squares procedures. Analytical chemistry 36 8 (1964) 1627--1639.","DOI":"10.1021\/ac60214a047"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2000.11518269"},{"key":"e_1_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Daniel R Thomas Richard Clayton and Alastair R Beresford. 2017. 1000 days of UDP amplification DDoS attacks. (2017).  Daniel R Thomas Richard Clayton and Alastair R Beresford. 2017. 1000 days of UDP amplification DDoS attacks. (2017).","DOI":"10.1109\/ECRIME.2017.7945057"},{"key":"e_1_2_1_30_1","unstructured":"R. van Rijswijk-Deij. 2017. Improving DNS Security: A Measurement-Based Approach. Ph.D. Dissertation. University of Twente.  R. van Rijswijk-Deij. 2017. Improving DNS Security: A Measurement-Based Approach. Ph.D. Dissertation. University of Twente."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2016.2558918"},{"key":"e_1_2_1_32_1","volume-title":"VERISIGN: MANAGED DNS SERVICES. https:\/\/www.verisign.com\/assets\/pdf\/resource-center\/datasheet-mdns-overview.pdf","year":"2017"},{"key":"e_1_2_1_33_1","unstructured":"Stephanie Weagle. 2017. Financial Impact of Mirai DDoS Attack on Dyn Revealed in New Data. Blog. https:\/\/www.corero.com\/blog\/797-financial-impact-of-mirai-ddos-attack-on-dyn-revealed-in-new-data.html  Stephanie Weagle. 2017. Financial Impact of Mirai DDoS Attack on Dyn Revealed in New Data. Blog. https:\/\/www.corero.com\/blog\/797-financial-impact-of-mirai-ddos-attack-on-dyn-revealed-in-new-data.html"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592794"},{"key":"e_1_2_1_35_1","unstructured":"Saman Taghavi Zargar James Joshi and David Tipper. 2013. A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks. IEEE Communications Surveys and Tutorials (2013).  Saman Taghavi Zargar James Joshi and David Tipper. 2013. A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks. IEEE Communications Surveys and Tutorials (2013)."},{"key":"e_1_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Valarie A Zeithaml Leonard L Berry and Ananthanarayanan Parasuraman. 1996. The behavioral consequences of service quality. the Journal of Marketing (1996).  Valarie A Zeithaml Leonard L Berry and Ananthanarayanan Parasuraman. 1996. The behavioral consequences of service quality. the Journal of Marketing (1996).","DOI":"10.2307\/1251929"}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3310165.3310175","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3310165.3310175","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:15Z","timestamp":1750212795000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3310165.3310175"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,28]]},"references-count":35,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2019,1,28]]}},"alternative-id":["10.1145\/3310165.3310175"],"URL":"https:\/\/doi.org\/10.1145\/3310165.3310175","relation":{},"ISSN":["0146-4833"],"issn-type":[{"value":"0146-4833","type":"print"}],"subject":[],"published":{"date-parts":[[2019,1,28]]},"assertion":[{"value":"2019-01-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}