
DDoS Attacks Abuse DNS Services

Distributed Denial of Service (DDoS) attacks are a serious threat to an organization’s ability to attract, retain, and interact with customers. Simply put, a DDoS attack is designed to render an organization’s web presence inaccessible to legitimate users by overwhelming the underlying infrastructure with malicious traffic.
Traditional DDoS attacks are only becoming cheaper and easier to perform. The rise of the Internet of Things (IoT) and growth of cloud computing mean that cybercriminals have easy access to a great deal of Internet-connected computational power. These botnets can be tasked to send malicious requests to a website in volumes greater than the web servers can withstand.
However, the growth of cheap and easily accessible computing power is not the only way in which the DDoS threat landscape is evolving. Cybercriminals are also taking advantage of new tools and techniques to perform their attacks. One example of such a technique is the NXNSAttack. This attack takes advantage of the properties of recursive Domain Name System (DNS) servers to perform a DDoS attack against the victim’s DNS server. If this DNS server is not behind robust DDoS protection, it could become overwhelmed, leaving the organization’s website inaccessible to legitimate users.
The Importance of DNS Infrastructure
When using the Internet, most people don’t type in the IP address of the computer that they are trying to access. Instead, they type a domain name or URL, such as google.com. However, IP addresses are what the client computer and the routers on the path between the source and destination computers require to ensure that the traffic reaches its intended destination.
DNS is the Internet protocol that enables the translation of domain names to IP addresses. The DNS infrastructure is organized as a hierarchy of servers, each designed to handle queries for a certain domain. This means that a query to resolve a particular website’s URL may require requests to multiple DNS servers (e.g. the servers for .com, google.com, etc.). In order for a website to be accessible to users, they need to be able to convert its URL to the IP address of the server hosting it. This requires every DNS server involved in resolving the address to be online and reachable by the user’s computer.
The 2016 DDoS attack against Dyn, a major DNS provider, demonstrates the potential impact of a DDoS attack against DNS infrastructure. During the attack, the servers hosting Dyn’s managed DNS service were targeted by a couple of DDoS attacks from the Mirai botnet. While the service was eventually able to overcome the attack, a significant percentage of the Internet became unreachable during the attack when the service was incapable of resolving the DNS requests of legitimate users.
DNS System Used in DDoS Attacks
DDoS attacks against DNS infrastructure are nothing new, as demonstrated by the 2016 DDoS attack against Dyn. However, the relationship between DDoS attacks and DNS services is not always that of attacker and target. Some DDoS attacks are designed to take advantage of DNS services to amplify the impact of the attack. A recently discovered attack takes advantage of the hierarchical structure of DNS infrastructure. Recursive DNS servers are designed to pass DNS requests to authoritative servers that sit upstream to resolve the domain name into an IP address. These authoritative servers also have the ability to delegate this authority to other DNS servers.
The new attack takes advantage of this functionality to perform DDoS attacks. In this attack, the attacker sends a recursive DNS server a request for a domain whose authoritative DNS server is under the attacker’s control. Upon receiving the request, the attacker’s DNS server responds by delegating this authority to a long list of fake DNS servers in the victim’s domain. In order to resolve the request, the recursive DNS server will then query the victim’s DNS server for each of these supposed DNS servers. As a result, the victim’s DNS server is hit with a huge amount of traffic from the recursive DNS server, degrading its ability to resolve legitimate DNS requests.
If the victim’s DNS server is unable to handle requests, then attempted visitors to sites within the victim’s domain are unable to translate their URLs to the IP addresses of the victim’s web servers. As a result, the victim’s website can become completely unreachable, and, potentially, employees may lose access to internal services on the corporate intranet if access to these services depends upon the corporate DNS server.
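The delegation pattern described above can be checked on the recursive resolver side. The following is an added example, not code from the original post: it inspects a referral for name servers that arrive without an address record and therefore each require a further lookup, flags a referral that would send many such lookups to a domain other than the one being delegated, and shows the effect of capping lookups per referral. The domain names, the threshold of 10 and the cap of 5 are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed referrals (all names are made up for this example).
SUSPECT = {
    "zone": "sub.attacker.example",
    "ns": [f"ns{i}.fake{i}.victim.example" for i in range(1, 41)],
    "glue": {},  # no addresses supplied, so every NS name needs its own lookup
}
BENIGN = {
    "zone": "shop.example",
    "ns": ["ns1.dnshost.example", "ns2.dnshost.example"],
    "glue": {"ns1.dnshost.example": "192.0.2.10"},
}

def norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.rstrip(".").lower()

def parent_domain(name, labels=2):
    """Last `labels` labels of a name (simplification: no public suffix list)."""
    return ".".join(norm(name).split(".")[-labels:])

def glueless_names(referral):
    """NS names in the referral that arrive without an address record."""
    glue = {norm(g) for g in referral["glue"]}
    return [norm(ns) for ns in referral["ns"] if norm(ns) not in glue]

def flag_referral(referral, threshold=10):
    """Map third-party domain -> lookups this single referral would send its way."""
    own = parent_domain(referral["zone"])
    counts = Counter(parent_domain(ns) for ns in glueless_names(referral))
    return {d: n for d, n in counts.items() if d != own and n >= threshold}

def capped_lookups(referral, cap=5):
    """Names a resolver would still chase if it caps glueless lookups per referral."""
    return glueless_names(referral)[:cap]

if __name__ == "__main__":
    for r in (SUSPECT, BENIGN):
        print(r["zone"], flag_referral(r), len(capped_lookups(r)))
```
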
Protecting Against DDoS Attacks
An organization’s web presence is vital to its ability to do business. Customers increasingly prefer to browse and potentially make purchases online rather than visit physical stores. Additionally, many organizations are moving some or all of their customer service functionality to their website due to the increased scalability that it provides.
Cybercriminals have several different methods by which they can take a website offline via DDoS attacks. Attackers can either attack the website directly by sending requests to the web application or target the DNS infrastructure that the website relies upon to route visitors’ traffic to its web servers. As DDoS attacks become easier and cheaper to perform, they are likely to become even more common. Ensuring the availability of the company web presence requires deployment of robust DDoS mitigation solutions capable of identifying and blocking a range of different DDoS attacks.
