Reproducing DNS 10Gbps flooding attacks with commodity-hardware

International audienceBeing DNS an essential service for Internet reliability, it is an attractive target for malicious users. The constantly increasing Internet traffic rate challenges DNS services and their attack detection methods to handle actual queries while being flooded by tens of millions of malicious requests per second. Moreover, state of the art on hostile actions evolve fast. DNS administrators continuously face new kinds of attacks and they regularly need to evaluate their detection systems. We have studied different approaches to develop a tool able to reproduce state-of-the-art attacks, aiming to make it easy to evaluate countermeasure strategies. We have focused on commodity-hardware, DPDK and MoonGen to build a flexible flood query generator. The described tool can saturate a 10Gbps link, sending more than 12 million attack-like random DNS requests per second