Presentation | 2016-03-04 Evaluation on Virtual Firewall Schemes against DNS Amplification Attacks Eitetsu Gen, Shota Endo, Yuichi Sudo, Junichi Murayama |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Recently, DDoS attacks that disturb service offerings on the Internet have occurred frequently. To mitigate such attack traffic between provider networks, deploying firewall functions is effective. They are attached to the border routers of a provider network. This firewall is required to support legitimate DNS accesses. Thus, when it forwards a DNS request packet toward an outer provider, it allows the corresponding DNS reply packet to come in. In such an access between providers, the ingress provider may be different from the egress provider. Consequently, distributed firewalls need to act virtually as a single firewall. To achieve such a firewall, some schemes have been proposed. However, their typical advantages are not clear. Thus we evaluated and compared virtual firewall schemes. The results are as follows. (1) Regarding allocation of filtering functions, a distributed scheme is tough against heavy attacks, while a centralized scheme is economical to implement. (2) Concerning the exchange of control messages for achieving the distribution, a client/server scheme is scalable as filtering functions increase, while a peer scheme is reliable against faults. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | DNS amplification attack / reflector / firewall / dynamic filtering / control message |
Paper # | IN2015-140 |
Date of Issue | 2016-02-25 (IN) |
Conference Information | |
Committee | NS / IN |
---|---|
Conference Date | 2016/3/3(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Phoenix Seagaia Resort |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | General |
Chair | Atsushi Hiramatsu(NTT-AT) / Hidetsugu Kobayashi(NTT) |
Vice Chair | Hideki Tode(Osaka Pref. Univ.) / Katsunori Yamaoka(Tokyo Inst. of Tech.) |
Secretary | Hideki Tode(Univ. of Fukui) / Katsunori Yamaoka(NTT) |
Assistant | Shohei Kamamura(NTT) / Yuichi Sudo(NTT) / Kunitake Kaneko(Keio Univ.) |
Paper Information | |
Registration To | Technical Committee on Network Systems / Technical Committee on Information Networks |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Evaluation on Virtual Firewall Schemes against DNS Amplification Attacks |
Sub Title (in English) | |
Keyword(1) | DNS amplification attack |
Keyword(2) | reflector |
Keyword(3) | firewall |
Keyword(4) | dynamic filtering |
Keyword(5) | control message |
1st Author's Name | Eitetsu Gen |
1st Author's Affiliation | Tokai University(Tokai Univ.) |
2nd Author's Name | Shota Endo |
2nd Author's Affiliation | Tokai University(Tokai Univ.) |
3rd Author's Name | Yuichi Sudo |
3rd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
4th Author's Name | Junichi Murayama |
4th Author's Affiliation | Tokai University(Tokai Univ.) |
Date | 2016-03-04 |
Paper # | IN2015-140 |
Volume (vol) | vol.115 |
Number (no) | IN-484 |
Page | pp.189-192(IN) |
#Pages | 4 |
Date of Issue | 2016-02-25 (IN) |