Recovering and Protecting against DNS Cache Poisoning Attacks

DNSSEC can provide a strong countermeasure to DNS cache poisoning attacks. However, DNSSEC cannot be deployed in a short time, so it is still impossible to avoid poisoning attacks entirely, and a majority of DNS servers remain threatened by them. This attack is used in conjunction with web spoofing: it can change the Web URL, leading to economic loss and privacy leaks. In this paper, we focus on recovery and protection after a DNS cache poisoning attack has occurred. We expect to greatly decrease the success ratio of poisoning attacks through restoration, source port randomization (SPR), and time-to-live (TTL) settings. With these measures deployed, attackers have to extend the attack time for an attack to succeed, which provides sufficient time to defend and preserve. The strategy of this paper greatly increases the resistance of DNS servers against DNS poisoning, and can also serve as a transition before DNSSEC is fully deployed.
