The Network Security. Org

Avoiding the scourge of DNS amplification attacks

August 7th, 2006 · No Comments


In the past eighteen months, the Internet has witnessed a major surge in DNS amplification attacks, a packet flood variation that is capable of generating huge amounts of bogus traffic directed at a target. How huge? Multi-gigabits per second, a deluge big enough to blow pretty much anyone off of the Internet.

Like the much older smurf attacks, DNS amplification involves using spoofed packets against innocent third parties to amplify traffic, with the goal of sucking up all of a victim’s bandwidth. But smurf attacks achieve amplification by sending packets to a network broadcast address. DNS amplification attacks don’t involve a broadcast address. Instead, these attacks involve sending small DNS queries, with the source address spoofed to be the victim’s, to a series of innocent third-party DNS servers on the Internet. The DNS servers send a larger response back to the address that appeared to make the request, resulting in an amplification of traffic directed at the ultimate flood target. Because DNS is carried over stateless UDP packets, spoofing the source address in this way is trivial.

Prior to late 2005, these attacks relied on DNS queries of 60 bytes or so, with responses of up to 512 bytes, giving an amplification factor of about 8.5. That’s not bad for the attackers, but still not the level of flood they’d like to achieve. Recently, attackers have turned to some newer technology to crank up today’s DNS amplification attacks several notches.
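From the victim’s side, the signature of the attack described above is a stream of DNS responses arriving from many distinct servers that the victim never queried, with far more bytes coming in on UDP/53 responses than went out in queries. The following detector is an added example written for this post, not code from the original article; it runs over a constructed set of UDP flow records (the record format, the sample addresses and the thresholds are assumptions for illustration) and reports hosts receiving unsolicited responses, along with the observed response-to-query byte ratio, the same amplification factor the text computes from 60-byte queries and 512-byte responses.

```python
"""Flag hosts that receive unsolicited DNS responses, the victim-side
signature of a DNS amplification flood.

Each flow record is a dict with: src, dst, sport, dport, bytes, qr
(qr=0 for a query, qr=1 for a response).  The records below are
constructed for this example; in practice they would come from a
flow exporter or a packet capture on the network edge.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.5 sent one real query to 192.0.2.53 and got a
# reply, then received four 512-byte responses from servers it never asked.
# 10.0.0.9 is ordinary traffic (one query, one matching reply).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.53", "sport": 51000, "dport": 53, "bytes": 60, "qr": 0},
    {"src": "192.0.2.53", "dst": "10.0.0.5", "sport": 53, "dport": 51000, "bytes": 120, "qr": 1},
    {"src": "198.51.100.1", "dst": "10.0.0.5", "sport": 53, "dport": 40001, "bytes": 512, "qr": 1},
    {"src": "198.51.100.2", "dst": "10.0.0.5", "sport": 53, "dport": 40002, "bytes": 512, "qr": 1},
    {"src": "203.0.113.7", "dst": "10.0.0.5", "sport": 53, "dport": 40003, "bytes": 512, "qr": 1},
    {"src": "198.51.100.1", "dst": "10.0.0.5", "sport": 53, "dport": 40004, "bytes": 512, "qr": 1},
    {"src": "10.0.0.9", "dst": "192.0.2.53", "sport": 52000, "dport": 53, "bytes": 60, "qr": 0},
    {"src": "192.0.2.53", "dst": "10.0.0.9", "sport": 53, "dport": 52000, "bytes": 100, "qr": 1},
]


def analyze(flows):
    """Build per-host statistics from a list of flow records.

    A response is 'unsolicited' when no query from that host, to that
    server, from that client port was seen in the same batch.
    """
    sent_queries = set()  # (client, server, client_port) tuples we saw go out
    stats = defaultdict(lambda: {
        "query_bytes": 0, "response_bytes": 0, "unsolicited": 0, "servers": set(),
    })
    # First pass: record every outbound query so responses can be matched.
    for f in flows:
        if f["qr"] == 0 and f["dport"] == 53:
            sent_queries.add((f["src"], f["dst"], f["sport"]))
            stats[f["src"]]["query_bytes"] += f["bytes"]
    # Second pass: attribute responses to the host that received them.
    for f in flows:
        if f["qr"] == 1 and f["sport"] == 53:
            host = stats[f["dst"]]
            host["response_bytes"] += f["bytes"]
            host["servers"].add(f["src"])
            if (f["dst"], f["src"], f["dport"]) not in sent_queries:
                host["unsolicited"] += 1
    return stats


def amplification_factor(stats, host):
    """Observed bytes received in responses per byte sent in queries."""
    q = stats[host]["query_bytes"]
    r = stats[host]["response_bytes"]
    return r / q if q else float("inf")


def flag_victims(stats, min_unsolicited=3, min_servers=2):
    """Hosts with enough unsolicited responses from enough distinct servers.

    Thresholds are assumed values for this example; tune them to the
    baseline of the network being monitored.
    """
    return sorted(
        host for host, s in stats.items()
        if s["unsolicited"] >= min_unsolicited and len(s["servers"]) >= min_servers
    )


if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS)
    for victim in flag_victims(result):
        s = result[victim]
        print(f"{victim}: {s['unsolicited']} unsolicited responses from "
              f"{len(s['servers'])} servers, amplification x{amplification_factor(result, victim):.1f}")
```

Matching on (client, server, client port) is deliberately strict: a legitimate resolver reply always lands on the port the query left from, so a response with no matching query is either a stale reply or part of a flood, and the distinct-server count separates the two. The ratio reported for the constructed sample is inflated by the single real query; on live data, compute it over a time window so that a host under attack stands out against its own normal query volume.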
