Wednesday, December 9, 2009

DDoS (Distributed Denial of Service) Patterns

DNS amplification is one of the known DDoS (Distributed Denial of Service) patterns. It targets DNS servers, which are part of the Internet's largest core infrastructure. The attack exploits the fact that DNS uses UDP as its transport protocol. UDP's simplicity keeps packets small, so they can be transferred in very little time; in exchange, security is one of its weak aspects. Having no authentication procedure such as TCP's three-way handshake, UDP cannot verify which host actually sent a packet, which makes it vulnerable to this kind of attack.

Basically, there are two attacking strategies. The first is to send a massive number of requests simultaneously to the DNS servers; this overloads the server and its network traffic. The second strategy is to exploit the DNS server as a bouncer: the attacker keeps sending massive numbers of requests, but with a spoofed source IP address. The responses are therefore not sent back to the attacker but to another host, which becomes the next victim. The effect is amplified because a response is much larger than the request that triggered it. In this kind of attack, both the server and the victim, along with their network traffic, are overloaded and brought down.

This final project implements software that detects IP spoofing and prevents any attempt to amplify the attack. The software is installed at the network gateway, acting as a thin layer between clients and the server. It applies two basic schemes to protect the server from the attack: a UDP-based scheme, which runs on the ordinary DNS protocol, and a cookie exchange procedure, which introduces an extension to the DNS protocol.
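One way to model the cookie exchange at the gateway, as an added example that is not the project's software (the post does not describe its actual protocol): an unauthenticated query is answered with a small challenge instead of the full response, so a spoofed source address receives only a few bytes and nothing is amplified. The HMAC-derived cookie, the names CookieGateway, simulate and backend_resolve, and the addresses 10.0.0.5 and 192.0.2.7 are all constructed here.

```python
import hmac
import hashlib
import secrets

BIG_ANSWER = b"A" * 3000  # constructed stand-in for a ~3 KB DNS response


def backend_resolve(qname):
    """Stand-in for the real DNS server behind the gateway."""
    return BIG_ANSWER if qname == "big.example." else b"short answer"


class CookieGateway:
    """Thin layer in front of the DNS server. A query without a valid cookie
    gets a small challenge carrying a cookie bound to the claimed source
    address; only a host that really receives traffic at that address can
    echo it, so a spoofed source never triggers the large forwarded answer."""

    def __init__(self, resolve, secret=None):
        self.resolve = resolve
        self.secret = secret or secrets.token_bytes(16)

    def cookie_for(self, src_ip):
        # HMAC-derived, so the gateway keeps no per-client state that
        # spoofed sources could exhaust.
        return hmac.new(self.secret, src_ip.encode(), hashlib.sha256).digest()[:8]

    def handle(self, src_ip, qname, cookie=None):
        """Return ("challenge", cookie) or ("answer", payload)."""
        expected = self.cookie_for(src_ip)
        if cookie is None or not hmac.compare_digest(cookie, expected):
            return "challenge", expected  # 8 bytes toward src_ip: no amplification
        return "answer", self.resolve(qname)


def simulate(gateway=None):
    """Bytes the gateway sends toward the claimed source in both cases."""
    gw = gateway or CookieGateway(backend_resolve)
    # Honest client at 10.0.0.5 (constructed): challenged once, then served.
    kind1, cookie = gw.handle("10.0.0.5", "big.example.")
    kind2, answer = gw.handle("10.0.0.5", "big.example.", cookie)
    # Attacker spoofs victim 192.0.2.7 (constructed): the challenge reaches
    # the victim, the attacker never sees the cookie, and a guessed cookie
    # earns only another challenge, so the 3 KB answer is never reflected.
    kind3, chal = gw.handle("192.0.2.7", "big.example.")
    kind4, again = gw.handle("192.0.2.7", "big.example.", b"\x00" * 8)
    return {"honest": (kind1, kind2, len(answer)),
            "spoofed": (kind3, kind4, max(len(chal), len(again)))}
```

In this model the honest client pays one extra round trip, while the most the gateway ever sends toward an unverified address is the 8-byte cookie.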
