Slide 1: DNS Operation And Security Protection
2016/06
Slide 2: Who am I
Mike, CNNIC Planning Engineer
Responsible for: DNS project planning and operation reliability
Slide 3: Contents
1. The Operating Status Of CNNIC
2. Security Monitoring Platform
3. DNS Security
4. Operation And Security Protection
5. Future
Slide 4: 1. The Operation Status Of CNNIC
The architecture:
- Three centers in two places (CNNIC data center, Yizhuang data center and Chengdu data center)
- Support for IPv6 and DNSSEC
- 30+ global/local service nodes, with BGP + IP Anycast used to announce the service addresses
- ROOT instances (F I J L)
- TLDs (.CN .中国 .公司 .网络)
- SLDs (cnnic.cn com.cn…)
- Recursive service ( and )
- 60+ monitoring nodes for security and reliability monitoring
- 11 overseas nodes, 21 domestic nodes
- The platform suffers around 50-100 attacks per year; the highest recorded attack was 1.6 million QPS
Slide 5: Number of Domain Names
.cn (en): >17.4 million
中文.cn: >2.2 million
.中国: >500 thousand
.公司: >65 thousand
.网络: >46 thousand
8 billion+ queries per day (QPD)
Slide 6
The number of online services is more than 300.
20+ service changes and upgrades and 3-5 emergency handlings each month.
The total number of service monitoring items is up to , and the daily alarm count reaches 2000+!
Slide 7: 2. Security Monitoring Platform
2.1 Monitoring Nodes Deployment
2.2 Domain name system monitoring
2.3 Data Processing
Slide 8: 2.1 Monitoring Nodes Deployment
- Covers 6 ISP networks in China
- 30+ provinces in China
- Overseas deployment
Slide 9: 2.2 Domain name system monitoring
- Root name server monitoring
- TLD name server status monitoring
- Recursive DNS service monitoring
- VIP domain name monitoring
Slide 10: 2.3 Data Processing
Big data analysis platform:
- Statistical analysis of domain name data
- Statistical analysis of domain names by geographic location
- Analysis of domain name changes
Slide 11: 3. DNS Security
3.1 DNS Attack types
3.2 Attack Methods Analysis
3.3 DNS Attacks in CNNIC
Slide 12: 3.1 DNS Attack types
- DDoS
- NXDomain attack
- Amplification attack
- Cache poisoning
- DNS hijacking
Slide 13: 3.2.1 NXDOMAIN Attack
- The attacker sends a flood of queries to a DNS server to resolve non-existent domain names.
- The recursive server tries to locate each non-existent name by carrying out multiple queries but does not find it; in the process, its cache fills up with NXDOMAIN results.
- The recursive server waits for responses until its outstanding-query limit is exhausted.
- The target domain's authoritative server experiences DDoS.
Slide 14: 3.2.2 DNS Amplification Attack
- Combines reflection and amplification.
- Uses third-party open resolvers on the Internet (unwitting accomplices).
- The attacker sends spoofed queries to the open recursive servers.
- The queries are specially crafted to produce a very large response.
Slide 15: 3.2.3 DNS Cache Poisoning
- A malicious user guesses that a DNS client or server has sent a DNS query and is waiting for a DNS response.
- A successful spoofing attack inserts a fake DNS response into the DNS server's cache.
- For UDP queries there is no way to verify that the DNS data is authentic. DNSSEC handles this for you!
Slide 16: 3.2.4 DNS Hijacking
- Some ISPs hijack your DNS queries (sometimes "server not found" pages are replaced by advertising pages).
- Internet censorship.
- DNS hijacking involves malware, whereas DNS cache poisoning involves overwriting your local DNS cache with fake values.
Slide 17: 3.3 DNS Attacks in CNNIC
DNS attacks: the CNNIC DNS platform suffered more than 30 attacks in 2015.
- Most attacked domains are of the form "random.domain.cn".
- Most attacked domains are game or e-commerce related.
- The source IP addresses are massive in number.
- Most of these domains are set to clientHold status.
Attack case:
- DDoS: 1.6 million QPS
- Attack domain: xxx.dianbaobao.net.cn
- Target website: e-commerce
Slide 18: 4. Operation And Security Protection
4.1 SOS2
4.2 SDNS-AM
4.3 SDNS-D
Slide 19: 4.1 SOS2
Unified management and monitoring system:
- Monitors all server and service status
- Configuration management
Slide 20: 4.2 SDNS-AM
Data analysis + monitoring alarm:
- Real-time analysis of DNS data (150 thousand per single node)
- Multidimensional statistics and analysis (20+ categories of statistical indicators)
- Network and anomaly detection mechanism (supported by two patented algorithms)
- Distributed deployment with centralized analysis
Slide 21: 4.3 SDNS-D
Real-time traffic analysis:
- Traffic statistics: QPS, IP, domain name and other information
- Attack recognition: fixed-IP attacks, random-field attacks
- Network traffic redirection
- DNS data cleaning
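To show what the "random field" attack recognition of slide 21 has to pick out, given the random-subdomain NXDOMAIN floods described in 3.2.1 and the "random.domain.cn" pattern of 3.3, here is an added Python example (not CNNIC's or SDNS-D's own code) that scores query-log lines per base domain. The log format, the sample lines and the thresholds are constructed assumptions, and the example generalises beyond the slide by also checking source-IP spread and label entropy.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical "<src_ip> <qname> <rcode>" format (not CNNIC's):
# two benign lookups, then a random-label flood aimed at one base domain from many sources.
SAMPLE_LOG = """\
10.1.1.5 www.example.com.cn NOERROR
10.1.1.6 mail.example.com.cn NOERROR
198.51.100.11 k3j9xq.shop.net.cn NXDOMAIN
198.51.100.12 z8pl2w.shop.net.cn NXDOMAIN
198.51.100.13 a0v7tm.shop.net.cn NXDOMAIN
203.0.113.4 bq41ye.shop.net.cn NXDOMAIN
203.0.113.5 n7cx2r.shop.net.cn NXDOMAIN
203.0.113.6 e5sd8k.shop.net.cn NXDOMAIN
"""
SECOND_LEVEL = {"com", "net", "org", "gov", "edu"}  # com.cn / net.cn style SLDs

def base_domain(qname):
    # Registrable domain: last 3 labels under a com.cn-style SLD, otherwise last 2.
    labels = qname.lower().rstrip(".").split(".")
    n = 3 if len(labels) >= 3 and labels[-1] == "cn" and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-n:])

def label_entropy(label):
    # Shannon entropy in bits per character: "www" -> 0.0, a 6-char random label -> ~2.58.
    return -sum(c / len(label) * math.log2(c / len(label)) for c in Counter(label).values())

def find_random_subdomain_floods(log_text, min_queries=5, nx_ratio=0.8,
                                 unique_ratio=0.8, min_sources=3, min_entropy=2.0):
    # Group queries by base domain and flag bases whose traffic is mostly NXDOMAIN,
    # mostly unique high-entropy prefixes, and spread across many source IPs.
    stats = defaultdict(lambda: {"q": 0, "nx": 0, "labels": set(), "src": set(), "ent": 0.0})
    for line in log_text.splitlines():
        src, qname, rcode = line.split()
        base = base_domain(qname)
        prefix = qname.lower().rstrip(".")[:-len(base) - 1]  # labels left of the base ("" at apex)
        s = stats[base]
        s["q"] += 1
        s["nx"] += rcode == "NXDOMAIN"
        s["labels"].add(prefix)
        s["src"].add(src)
        s["ent"] += label_entropy(prefix) if prefix else 0.0
    flagged = {}
    for base, s in stats.items():
        q = s["q"]
        if (q >= min_queries and s["nx"] / q >= nx_ratio and len(s["labels"]) / q >= unique_ratio
                and len(s["src"]) >= min_sources and s["ent"] / q >= min_entropy):
            flagged[base] = {"queries": q, "nxdomain": s["nx"],
                             "distinct_labels": len(s["labels"]), "sources": len(s["src"])}
    return flagged
```

Calling `find_random_subdomain_floods(SAMPLE_LOG)` on the constructed log flags only shop.net.cn; the benign example.com.cn traffic stays below the query and entropy thresholds.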
Slide 22: 5. Future
5.1 Embrace the open source community
5.2 Big data analysis and visualization
Slide 23: 5.1 Embrace the open source community
- Automated management system with Ansible
- Docker virtualization to build a fast delivery system
- OpenStack cloud platform to build a DNS cloud (Dr Ding)
- ELK for big data indexing and processing
Slide 24: 5.2 Big data analysis and visualization
- Processing and analyzing massive data (log data, event data, etc.)
- Real-time data analytics
- Visual data display, making operation work much faster and easier
Slide 25: Q&A
Thanks