PPT-DNS, DNSSEC and DDOS Geoff

Huston APNIC February 2014 The E volution of Evil It used to be that they sent evil packets to their chosen victim but this exposed the attacker and limited the damage they could cause. Nurfedin Zejnulahi, Arbor Consultant. Ten + Years of Innovation. Trusted Experts. Globally. Global ATLAS. Proprietary and Confidential Information of Arbor Networks, Inc.. Founded from DARPA grant. Over 40 networking and security patents . Lutz Donnerhacke. db089309. : 1c1c 6311 ef09 d819 e029 65be bfb6 . c9cb. dig +. dnssec. 1.6.5.3.7.5.1.4.6.3.9.4.e164.arpa. . naptr. A . protocol. from better . times. An . ancient. . protocol. People were. Defense by Offense. Michael . Walfish. , . Mythili. . Vutukuru. ,. Hari. . Balakrishnan. , David . Karger. ,. Scott . Shenker. . , SIGCOMM ‘06. Presented by . Lianmu. Chen. DDoS. : Defense by Offense. Eric Osterweil. Dan Massey. Lixia Zhang. 1. Motivation: Why Use DNSSEC?. DNS cache poisoning has been a known attack against DNS since the 1990s [1]. Now there is a new variant: the . Kaminsky. attack. Underestimating the Impact of DDoS. Jim Benanti – Sr. Consulting Engineer, Arbor Networks. Roadmap. DDoS Risk Landscape. DYN & . Mirai. DDoS Defense. Cost of DDoS. Your Opportunity. Q&A. Don’t Take My Word For It. Michaelson. . APNICLabs. September 2012. What are the questions?. What proportion of DNS resolvers are DNSSEC-capable?. What proportion of users are using DNSSEC-. validatingDNS. resolvers?. Where are these users?. . 2013 . 12 June. . 2013. j. ohn.crain. @icann.org. DNS Basics. DNS converts names (www.uob.com.sg) to numbers (203.116.108.5). ..to identify services such as www and e-mail. ..that identify and link customers to business and visa versa. Jonathan BOURGAIN . Expert . DDOS et advanced Threat chez Arbor Networks. E. tat . de l’art des architectures de protection anti-DDoS. POUVEZ VOUS REPONDRE A CES QUESTIONS?. Est-. ce. que je . connais. Chief Scientist . APNIC Labs. Why pick on the DNS?. The DNS is very . easy . to. tap . and. tamper. DNS queries are open and unencrypted. DNS payloads are not secured and tampering cannot be detected. 16/Jun/2022. University of Twente. A case study with DNS. Where do you use anycast in . your daily life?. 2. What is Anycast for?. Improve . load balance. Diminish. response times . Increase . resilience against DDoS. Geoff Huston. APNIC. The Internet’s routing system works by rumour. “I tell you what I know, and you tell your mates, and your mates tell their mates, and …”. But what if I tell you a lie? . Or someone maliciously alters what I’m trying to tell you?. Geoff Huston. APNIC. Some thoughts about . for. Well . –. guess - from the snippets that have been released. …. It was a . Mirai. attack. It used a compromised device collection. It used a range of attack vectors. Internet Protocol address uniquely identifies laptops or phones or other devices . The Domain Name System matches IP addresses with a name. IP routing and DNS are the underpinning of unified Internet. in today’s Internet. Geoff Huston. APNIC . June 2016. What is being measured?. Clients who will perform DNSSEC validation of a domain name. Using RSA/SHA-1 as the crypto algorithm. Who will not resolve a badly-signed domain name.