The Role of DNS TTL Values in Potential DDoS Attacks: What Do the Major Banks Know About It?

In this paper, we examine the impact of DNS TTL values on the overall user experience in accessing a web site. We demonstrate that a web-site that utilizes inappropriate DNS TTL values could experience damaging and costly consequences, especially if falling victim to a DDoS attack. Subsequently, we represent the results of our survey that has looked into the DNS TTL values of the major US and EU banks. The results of this survey show that in the world of financial institutions, the level of assets and public exposure is highly correlated with the level of sophistication in DNS (Record) management. Specifically, we show that a number of (often smaller-scale) banks choose inappropriately long DNS TTL values, creating a vulnerability that could be easily exploited by an adversary.