DNS DDoS continues on the trend line established in 2014 - with tens of billions of malicious queries Internet-wide every day. Many of the domains attacked are lightly trafficked, but popular (Alexa 5000) domains are commonly targeted. For example, alternative news sites, a university, and e-commerce sites have been attacked in the past couple of months. Attacks on popular domains require extra care when mitigating to avoid blocking legitimate queries.
Research from Nominum, now part of Akamai, shows about 15% of DNS DDoS traffic is amplification, yet it still has an impact (the rest are random subdomains). Data also shows bad guys continue to leverage open DNS resolvers, which after more than 2 years might be considered an "old-days" technique, yet there are still around 17 million of them on the Internet. More recently our research teams have seen bots sending
The ongoing protests in Hong Kong are attracting worldwide attention. Less visible is a connection to the ongoing DNS-based DDoS attacks that started early this year. On Sunday, Sept 28, attackers used DNS-based DDoS to target Passion Times, a local Hong Kong newspaper (http://www.passiontimes.hk/). The site was brought down for most of the day and had to resort to Facebook (https://www.facebook.com/passiontimes) in order to get the news out.
A new kind of DDoS attack is currently stressing DNS infrastructure everywhere. Attackers gain access to DNS resolvers through home gateways with open DNS proxies. Proxies forward large bursts of queries with spoofed IP addresses to whatever resolver they are configured to use, usually an ISP resolver. With these attacks, the overwhelming majority of queries require recursion so resolvers in turn query authoritative servers to get answers.
A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit, an attacker can deploy their exploit code anywhere on the Internet that allows address spoofing, a compromised server in a hosting facility for example. From there, DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border
Ten years ago everyone evaluating DNS solutions was always concerned about performance. Broadband networks were getting faster, providers were serving more users, and web pages and applications increasingly stressed the DNS. Viruses were a factor too as they could rapidly become the straw that broke the camel's back of a large ISP's DNS servers. The last thing a provider needed was a bottleneck, so DNS resolution speed became more and
Like any critical part of network infrastructure, securing recursive DNS requires a layered approach. All the points of entry into the system (the console(s), network, etc.) need to be protected.
Your new DNS infrastructure is up and running! Here's what to watch for, how to monitor, and tips for patches and upgrades.
The DNS is a critical component of ISP infrastructure. It's usually described in two forms, Authoritative and Caching.