{"id":"https://openalex.org/W4416245612","doi":"https://doi.org/10.1145/3719027.3765096","title":"Forward to Hell? On the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks","display_name":"Forward to Hell? On the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416245612","doi":"https://doi.org/10.1145/3719027.3765096"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765096","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765096","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765096","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765096","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015783410","display_name":"Maynard Koch","orcid":"https://orcid.org/0009-0009-3698-1342"},"institutions":[{"id":"https://openalex.org/I78650965","display_name":"Technische Universit\u00e4t Dresden","ror":"https://ror.org/042aqky30","country_code":"DE","type":"education","lineage":["https://openalex.org/I78650965"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Maynard Koch","raw_affiliation_strings":["TU Dresden, Dresden, Saxony, Germany"],"affiliations":[{"raw_affiliation_string":"TU Dresden, Dresden, Saxony, Germany","institution_ids":["https://openalex.org/I78650965"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120549392","display_name":"Florian Dolzmann","orcid":"https://orcid.org/0009-0002-2591-7264"},"institutions":[{"id":"https://openalex.org/I78650965","display_name":"Technische Universit\u00e4t Dresden","ror":"https://ror.org/042aqky30","country_code":"DE","type":"education","lineage":["https://openalex.org/I78650965"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Florian Dolzmann","raw_affiliation_strings":["TU Dresden, Dresden, Saxony, Germany"],"affiliations":[{"raw_affiliation_string":"TU Dresden, Dresden, Saxony, Germany","institution_ids":["https://openalex.org/I78650965"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027677424","display_name":"Thomas C. Schmidt","orcid":"https://orcid.org/0000-0002-0956-7885"},"institutions":[{"id":"https://openalex.org/I70451448","display_name":"HAW Hamburg","ror":"https://ror.org/00fkqwx76","country_code":"DE","type":"education","lineage":["https://openalex.org/I70451448"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thomas C. Schmidt","raw_affiliation_strings":["HAW Hamburg, Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"HAW Hamburg, Hamburg, Germany","institution_ids":["https://openalex.org/I70451448"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039216100","display_name":"Matthias W\u00e4hlisch","orcid":"https://orcid.org/0000-0002-3825-2807"},"institutions":[{"id":"https://openalex.org/I78650965","display_name":"Technische Universit\u00e4t Dresden","ror":"https://ror.org/042aqky30","country_code":"DE","type":"education","lineage":["https://openalex.org/I78650965"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Matthias W\u00e4hlisch","raw_affiliation_strings":["TU Dresden, Dresden, Saxony, Germany"],"affiliations":[{"raw_affiliation_string":"TU Dresden, Dresden, Saxony, Germany","institution_ids":["https://openalex.org/I78650965"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5015783410"],"corresponding_institution_ids":["https://openalex.org/I78650965"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.35588587,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3915","last_page":"3929"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.4388999938964844,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.4388999938964844,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.24570000171661377,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.10939999669790268,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.739799976348877},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5627999901771545},{"id":"https://openalex.org/keywords/anycast","display_name":"Anycast","score":0.5572999715805054},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.546500027179718},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4722000062465668},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.46639999747276306},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.44850000739097595},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.4277999997138977}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7523999810218811},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.739799976348877},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.7379999756813049},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5627999901771545},{"id":"https://openalex.org/C122005561","wikidata":"https://www.wikidata.org/wiki/Q613897","display_name":"Anycast","level":3,"score":0.5572999715805054},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.546500027179718},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5378000140190125},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4722000062465668},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.46639999747276306},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.44850000739097595},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.4277999997138977},{"id":"https://openalex.org/C102359118","wikidata":"https://www.wikidata.org/wiki/Q178163","display_name":"Round-robin DNS","level":4,"score":0.3741999864578247},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.3529999852180481},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.3174000084400177},{"id":"https://openalex.org/C2776257435","wikidata":"https://www.wikidata.org/wiki/Q1576430","display_name":"Bandwidth (computing)","level":2,"score":0.3172000050544739},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.30559998750686646},{"id":"https://openalex.org/C186594467","wikidata":"https://www.wikidata.org/wiki/Q1429176","display_name":"Flooding (psychology)","level":2,"score":0.28999999165534973},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.2793000042438507},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.26969999074935913},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.2687000036239624},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2639999985694885},{"id":"https://openalex.org/C105320234","wikidata":"https://www.wikidata.org/wiki/Q41494","display_name":"Name server","level":3,"score":0.2538999915122986}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3719027.3765096","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765096","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765096","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2510.18572","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2510.18572","pdf_url":"https://arxiv.org/pdf/2510.18572","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765096","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765096","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765096","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416245612.pdf","grobid_xml":"https://content.openalex.org/works/W4416245612.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1786926183","https://openalex.org/W1867219652","https://openalex.org/W1989454965","https://openalex.org/W2001637908","https://openalex.org/W2022350629","https://openalex.org/W2028060714","https://openalex.org/W2070831748","https://openalex.org/W2308739859","https://openalex.org/W2535378852","https://openalex.org/W2548400217","https://openalex.org/W2588683548","https://openalex.org/W3096245080","https://openalex.org/W3210272054","https://openalex.org/W3217339560","https://openalex.org/W4226004257","https://openalex.org/W4226314350","https://openalex.org/W4288072852","https://openalex.org/W4319320234","https://openalex.org/W4384918572","https://openalex.org/W4403575103"],"related_works":[],"abstract_inverted_index":{"The":[0],"DNS":[1,34,52,61,64,67,81,129,166],"infrastructure":[2,160],"is":[3],"infamous":[4],"for":[5],"facilitating":[6],"reflective":[7,101],"amplification":[8,102],"attacks.":[9,103],"Various":[10],"countermeasures":[11],"such":[12],"as":[13],"server":[14],"shielding,":[15],"access":[16],"control,":[17],"rate":[18,119],"limiting,":[19],"and":[20,42,86,121],"protocol":[21],"restrictions":[22],"have":[23],"been":[24],"implemented.":[25],"Still,":[26],"the":[27,31,44,113,128,164],"threat":[28,47],"remains":[29],"throughout":[30],"deployment":[32],"of":[33,60,142,163],"servers.":[35],"In":[36],"this":[37,135],"paper,":[38],"we":[39],"report":[40],"on":[41],"evaluate":[43],"often":[45],"unnoticed":[46],"that":[48,153],"derives":[49],"from":[50],"transparent":[51,78,107],"forwarders,":[53],"a":[54,140],"widely":[55],"deployed,":[56],"incompletely":[57],"functional":[58],"set":[59],"components.":[62],"Transparent":[63,144],"forwarders":[65,79,108,145],"transfer":[66],"requests":[68,82],"without":[69],"rebuilding":[70],"packets":[71],"with":[72],"correct":[73],"source":[74],"addresses.":[75],"As":[76],"such,":[77],"feed":[80],"into":[83],"(mainly":[84],"powerful":[85],"anycasted)":[87],"open":[88],"recursive":[89,155],"resolvers,":[90,156],"which":[91],"thereby":[92],"can":[93,146],"be":[94],"misused":[95],"to":[96,112,139],"participate":[97],"unwillingly":[98],"in":[99,149],"distributed":[100],"We":[104,132],"show":[105],"how":[106],"raise":[109],"severe":[110],"threats":[111],"Internet":[114],"infrastructure.":[115,131],"They":[116],"easily":[117],"circumvent":[118],"limiting":[120],"achieve":[122],"an":[123],"additional,":[124],"scalable":[125],"impact":[126],"via":[127],"anycast":[130],"empirically":[133],"verify":[134],"scaling":[136],"behavior":[137],"up":[138],"factor":[141],"14.":[143],"also":[147],"assist":[148],"bypassing":[150],"firewall":[151],"rules":[152],"protect":[154],"making":[157],"these":[158],"shielded":[159],"entities":[161],"part":[162],"global":[165],"attack":[167],"surface.":[168]},"counts_by_year":[],"updated_date":"2026-03-13T14:20:09.374765","created_date":"2025-10-24T00:00:00"}