An Analysis of DepenDNS

11 years 6 months ago
An Analysis of DepenDNS
Recently, a new scheme to protect clients against DNS cache poisoning attacks was introduced. The scheme is referred to as DepenDNS and is intended to protect clients against such attacks while being secure, practical, efficient and conveniently deployable. In our paper we examine the security and the operational aspects of DepenDNS. We highlight a number of severe operational deficiencies that the scheme has failed to address. We show that cache poisoning and denial of service attacks are possible against the scheme. We also demonstrate a high factor amplification attack against DepenDNS, which can lead to a large scale Internet denial of service attack. Our findings and recommendations have been validated with real data collected over time. Keywords DNS, DepenDNS, DNS cache poisoning, Denial of Service, Amplfication.
Nadhem J. AlFardan, Kenneth G. Paterson
Added 13 Feb 2011
Updated 13 Feb 2011
Type Journal
Year 2010
Where ISW
Authors Nadhem J. AlFardan, Kenneth G. Paterson
Comments (0)