Analysis of L4 DoS/DDoS attacks and mitigation techniques for DNS reflection attack

Thumbnail Image
Other Title
Al-Jarrah, Zaid
Author ORCID Profiles (clickable)
Master of Computing
Unitec Institute of Technology
Sarrafpour, Bahman
Ardekani, Iman
Masters Thesis
Ngā Upoko Tukutuku (Māori subject headings)
Distributed Denial of Service (DDoS)
DDoS attacks
DNS reflection attacks
Domain Name System
DDoS defenses
Unicast Reverse Path Forward (uRPF)
Cisco routers
ANZSRC Field of Research Code (2020)
Al-Jarrah, Z. (2018). Analysis of L4 DoS/DDoS attacks and mitigation techniques for DNS reflection attack. Unpublished master's thesis. [Submitted in partial fulfilment for the degree of Masters Thesis, Computing, Unitec Institute of Technology, New Zealand].
Cybersecurity is a very important area that needs to be worked on and improved. Day by day technology becomes closer to human life in many ways. In recent years, especially after the emergence of IoT and cloud computing, technology has started to control a big part of our assets. These assets could be data medical assets, financial assets, etc. For example, today we see technology being involved in sensitive medical operations, so human life has become related to technology and any failure could cause risk to human life. There are many types of cyber threat and different types of cyber-attacks: this study discusses DNS Distributed Denial of Service (DDoS) attacks and focuses on DNS reflection attacks, which are one of the most common kinds of attack. These attacks depend on exploiting a DNS service that relies on User Datagram Protocol (UDP), which is one of the essential services that is working in the background to support internet services. To be able to analyse a DNS reflection attack, I designed and built a testbed network which represented the environment that runs the attack. The testbed included Cisco routers, Cisco switches, and servers. These routers played the main role in demonstrating attack stages and factors, and by analysing the results, I built a mitigation technique to reduce or eliminate the possibility of those factors. All the results and readings presented in this study are generated and collected by the author while creating an actual attack at lab using cisco routers, switches and servers rather than using simulation or emulation software. Using those devices make the testbed similar to a commercial environment that are exposed or targeted by real attacks. This process leads to achieve the desired practical outcomes. The results showed that applying separate mitigation techniques in different stages and in more than one place worked perfectly to reduce attack load by using uRPF, Unicast Reverse Path Forward, is a standard security feature work to prevent spoofed packets. Using Separate technique in mitigation methodology gives very positive results without exhausting router resources, such as CPU, temperature and RAM. Then, I use Zone-based firewall, which is a cisco security feature, allow the Cisco router to behave like a Firewall, by separate the router to Zones to control incoming packets that are coming from outside the router (Internet). All stages together, work as an integrated solution. The suggested mitigation techniques are perfect for SMB organisations in terms of protecting their own network and DNS servers.
Link to ePress publication
Copyright holder
Copyright notice
All rights reserved
Copyright license
Available online at