Giter VIP home page Giter VIP logo

xdp_dns's Introduction

xdp_dns

This is the repository related to the following paper: "Leveraging on the XDP Framework for the Efficient Mitigation of Water Torture Attacks within Authoritative DNS Servers" accepted in IEEE NetSoft 2020, Ghent, Belgium as a short paper.

Paper Abstract:
In this paper we relied on the eXpress Data Path (XDP) framework to efficiently mitigate Water Torture attacks at the NIC driver level of Authoritative DNS Servers. Our Deep Packet Inspection approach may benefit DNS Administrators who wish to mitigate such attacks within their DNS infrastructure and avoid the latency overhead and additional costs of outsourcing mitigation to external cloud services. XDP does not depend on specialized hardware contrary to P4, DPDK, etc. and our approach does not blacklist entire domain suffices. We differentiate between valid and invalid DNS requests using Bloom Filters. Bloom Filters map DNS zone contents in memory efficient manner. These probabilistic data structures are free of false negatives and thus, all legitimate requests are forwarded for name resolution.

Repository Organization:

  • Separate Calculations: We hash received DNS names using separate Mmh3 calculations, i.e. calculating extensively all k hash functions required for Bloom Filter element lookups.
  • Double Hashing: We hash received DNS names using Double Hashing for better performance. This approach requires calculating only 2 hash digests to derive all k hash functions required for Bloom Filter element lookups. More information available in S. Tarkoma et al., "Theory and Practice of Bloom Filters for Distributed Systems", IEEE Communications Surveys & Tutorials, Volume 14, Issue 1, pp. 131-155, 1st Quarter 2012
  • Traces: Names used in the construction of the Attack traces.
  • Bloom Filters XDP: Contains Bloom Filters used in our experimentation and guidelines on how to create your own.
  • User Space Filtering: a User Space utility introduced in our previous work "A Privacy-Preserving Schema for the Detection and Collaborative Mitigation of DNS Water Torture Attacks in Cloud Infrastructures" submitted and presented in IEEE CloudNet 2019. A link to the presentation is available from here: http://www.netmode.ntua.gr/Presentations/CloudNet_nkostopoulos.pptx

Useful Links:
https://mcorbin.fr/pages/xdp-introduction/: A very useful and well-written tutorial that provides installation instructions and a basic XDP program. We customized this code to build our programs.
https://github.com/jwerle/murmurhash.c/blob/master/murmurhash.c: Murmurhash3 implementation. Mmh3 hashes in chucks of 4-bytes. We customized this approach to hash DNS names as the FQDN is parsed. This is useful to reduce the number of loops that need to be unrolled in XDP.
https://github.com/matthewbentley/ebpf-flowradar: An implementation that uses XDP and Bloom Filters to handle Layer 2-4 packet header information. Our approach performs Deep Packet Inspection on DNS requests (Layer 7). Thus, we investigate XDP performance on a layer 7 protocol compared to other approaches.
https://en.wikipedia.org/wiki/Bloom_filter: Bloom Filters, Wikipedia Article

xdp_dns's People

Contributors

nkostopoulos avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar

Forkers

fatihusta

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.