urlscan.io logo urlscan.io
SecurityTrails logo

tide-project.nl Open in urlscan Pro
2001:610:1908:ff01:f816:3eff:fe08:8e  Public Scan

Back to summary
Submitted URL: http://tide-project.nl/
Effective URL: https://tide-project.nl/
Submission Tags: @phish_report
Submission: On February 05 via api from FI — Scanned from NL

Form analysis 2 forms found in the DOM

GET //google.com/search

<form id="search" method="get" action="//google.com/search">
  <input type="text" name="q" placeholder="Search">
  <input type="hidden" name="as_sitesearch" value="https://www.tide-project.nl/">
</form>

GET //google.com/search

<form class="search" method="get" action="//google.com/search">
  <input type="text" name="q" placeholder="Search">
  <input type="hidden" name="as_sitesearch" value="https://www.tide-project.nl/">
</form>

Text Content

TIDE

 *  Home
 *  About
 *  Consortium
 *  People
 *  Publications
 *  Posters
 *  Slides
 *  Blog

 * Share
 * Search
   
 * Menu


ANYWAY: MEASURING THE AMPLIFICATION DDOS POTENTIAL OF DOMAINS (PREPRINT)

September 17, 2021 Olivier van der Toorn

 * Twitter

 * Google+

 * Facebook

 * Reddit

 * LinkedIn

 * StumbleUpon

 * Pinterest

 * Email

> DDoS attacks threaten Internet security and stability, with attacks reaching
> the Tbps range. A popular approach involves DNS-based reflection and
> amplification, a type of attack in which a domain name, known to return a
> large
> answer, is queried using spoofed requests. Do the chosen names offer the
> largest amplification, however, or have we yet to see the full amplification
> potential? And while operational countermeasures are proposed, chiefly
> limiting
> responses to ‘ANY’ queries, up to what point will these countermeasures be
> effective? In this paper we make three main contributions. First, we propose
> and validate a scalable method to estimate the amplification potential of a
> domain name, based on the expected ANY response size. Second, we create
> estimates for hundreds of millions of domain names and rank them by their
> amplification potential. By comparing the overall ranking to the set of
> domains observed in actual attacks in honeypot data, we show whether attackers
> are using the most-potent domains for their attacks, or if we may expect
> larger
> attacks in the future. Finally, we evaluate the effectiveness of blocking ANY
> queries, as proposed by the IETF, to limit DNS-based DDoS attacks, by
> estimating the decrease in attack volume when switching from ANY to other
> query
> types. Our results show that by blocking ANY, the response size of domains
> observed in attacks can be reduced by 57%, and the size of most-potent domains
> decreases by 69%. However, we also show that dropping ANY is not an absolute
> solution to DNS-based DDoS, as a small but potent portion of domains remain
> leading to an expected response size of over 2,048 bytes to queries other than
> ANY.

--------------------------------------------------------------------------------

Title ANYway: Measuring the Amplification DDoS Potential of Domains Authors
Olivier van der Toorn, Johannes Krupp, Mattijs Jonker, Roland van Rijswijk-Deij,
Christian Rossow, and Anna Sperotto Publication date October 2021 Journal 17th
International Conference on Network and Service Management (CNSM 2021)

 * 
 *   
   * DNS
   * DDoS
   * TXT
   * Amplification
   * ANY queries

 * TXTing 101: Finding Security Issues in the Long Tail of DNS TXT Records


TIDE

Threat Identification Using Active DNS Measurements

 * 
 * 
 * 
 * 
 * 


RECENT POSTS


ANYWAY: MEASURING THE AMPLIFICATION DDOS POTENTIAL OF DOMAINS (PREPRINT)

September 17, 2021


TXTING 101: FINDING SECURITY ISSUES IN THE LONG TAIL OF DNS TXT RECORDS

September 1, 2020


A CASE OF IDENTITY: DETECTION OF SUSPICIOUS IDN HOMOGRAPH DOMAINS USING ACTIVE
DNS MEASUREMENTS

September 1, 2020


LOOKING BEYOND THE HORIZON: THOUGHTS ON PROACTIVE DETECTION OF THREATS

February 4, 2020


FIRST 2019: DEFENDING THE (EDINBURGH) CASTLE

June 26, 2019
View more posts


CATEGORIES



presentation 7





pages 5





about 2





blog 2





animation 1





datasets 1





posters 1





publications 1





regular-expressions 1





slides 1





talks 1




ABOUT

We try to make the Internet a safer place by predicting if domain names will be
used for malicious intent.

Learn More

© 2021 TIDE - Threat Identification Using Active DNS Measurements . Powered by
Hugo


 *  HOME


 *  ABOUT


 *  CONSORTIUM


 *  PEOPLE


 *  PUBLICATIONS


 *  POSTERS


 *  SLIDES


 *  BLOG


RECENT POSTS


ANYWAY: MEASURING THE AMPLIFICATION DDOS POTENTIAL OF DOMAINS (PREPRINT)

September 17, 2021


TXTING 101: FINDING SECURITY ISSUES IN THE LONG TAIL OF DNS TXT RECORDS

September 1, 2020


A CASE OF IDENTITY: DETECTION OF SUSPICIOUS IDN HOMOGRAPH DOMAINS USING ACTIVE
DNS MEASUREMENTS

September 1, 2020


LOOKING BEYOND THE HORIZON: THOUGHTS ON PROACTIVE DETECTION OF THREATS

February 4, 2020


UNICODE HOMOGLYPHS

August 14, 2019
View more posts


   SHARE THIS POST

 * Twitter

 * Google+

 * Facebook

 * Reddit

 * LinkedIn

 * StumbleUpon

 * Pinterest

 * Email