
DDoS Attacks Abuse DNS Services

Distributed Denial of Service (DDoS) attacks are a serious threat to an organization’s ability to attract, retain, and interact with customers. Simply put, a DDoS attack is designed to render an organization’s web presence inaccessible to legitimate users by overwhelming the underlying infrastructure with malicious traffic.
Traditional DDoS attacks are only becoming cheaper and easier to perform. The rise of the Internet of Things (IoT) and growth of cloud computing mean that cybercriminals have easy access to a great deal of Internet-connected computational power. These botnets can be tasked to send malicious requests to a website in volumes greater than the web servers can withstand.
However, the growth of cheap and easily accessible computing power is not the only way in which the DDoS threat landscape is evolving. Cybercriminals are also taking advantage of new tools and techniques to perform their attacks. One example of such a technique is the NXNSAttack. This attack takes advantage of the properties of recursive Domain Name System (DNS) servers to perform a DDoS attack against the victim’s DNS server. If this DNS server is not behind robust DDoS protection, it could become overwhelmed, leaving the organization’s website inaccessible to legitimate users.

The Importance of DNS Infrastructure

When using the Internet, most people don’t type in the IP address of the computer that they are trying to access. Instead, they type a domain name or URL, such as google.com. However, the IP address is what the client computer and the routers on the path between the source and destination computers require to ensure that the traffic reaches its intended destination.
DNS is the Internet protocol that enables the translation of domain names to IP addresses. The DNS infrastructure is organized as a hierarchy of servers, each designed to handle queries for a certain domain. This means that a query to resolve a particular website’s URL may require requests to multiple DNS servers (e.g. those for .com, google.com, etc.). For a website to be accessible, users need to be able to convert its URL to the IP address of the server hosting it. This requires every DNS server involved in resolving the address to be online and reachable by the user’s computer.
The 2016 DDoS attack against Dyn, a major DNS provider, demonstrates the potential impact of a DDoS attack against DNS infrastructure. During the attack, the servers hosting Dyn’s managed DNS service were targeted by a couple of DDoS attacks from the Mirai botnet. While the service was eventually able to overcome the attack, a significant percentage of the Internet became unreachable during the attack when the service was incapable of resolving the DNS requests of legitimate users.

DNS System Used in DDoS Attacks

DDoS attacks against DNS infrastructure are nothing new, as demonstrated by the 2016 DDoS attack against Dyn. However, the relationship between DDoS attacks and DNS services is not always that of attacker and target. Some DDoS attacks are designed to take advantage of DNS services to amplify the impact of the attack. A recently discovered attack takes advantage of the hierarchical structure of DNS infrastructure. Recursive DNS servers are designed to pass DNS requests to the authoritative servers that sit upstream in order to resolve a domain name into an IP address. These authoritative servers also have the ability to delegate this authority to other DNS servers.
The new attack takes advantage of this functionality to perform DDoS attacks. In this attack, the attacker sends a recursive DNS server a request for a domain whose authoritative DNS server is under the attacker’s control. Upon receiving the request, the attacker’s DNS server instructs the recursive DNS server to delegate this authority to a long list of fake DNS servers in the victim’s domain. In order to resolve the request, the recursive DNS server then queries the victim’s DNS server for each of these supposed DNS servers. As a result, the victim’s DNS server is hit with a huge amount of traffic from the recursive DNS server, degrading its ability to resolve legitimate DNS requests.
If the victim’s DNS server is unable to handle requests, then would-be visitors to sites within the victim’s domain are unable to translate their URLs to the IP addresses of the victim’s web servers. As a result, the victim’s website can become completely unreachable, and employees may also lose access to internal services on the corporate intranet if access to these services depends upon the corporate DNS server.
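
On the victim's authoritative DNS server, the traffic described above appears as a single recursive resolver asking for many distinct names that do not exist within a short time. The following added example (not part of the original article) flags that pattern in a query log; the log format, the thresholds, the addresses and the victim.example names are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 10        # assumed sliding window (seconds)
MAX_DISTINCT_NX = 5  # assumed threshold; tune against your normal-traffic baseline

# Constructed sample log, format "epoch_seconds source_ip qname qtype rcode".
# 203.0.113.53 plays a recursive resolver chasing 8 fake name-server names
# (A and AAAA each) under victim.example; 198.51.100.7 is an ordinary client.
SAMPLE_LOG = "\n".join(
    ["100 198.51.100.7 www.victim.example. A NOERROR",
     "101 198.51.100.7 typo.victim.example. A NXDOMAIN"]
    + [f"{102 + i // 8} 203.0.113.53 ns{i // 2}-fake.victim.example. "
       f"{'A' if i % 2 == 0 else 'AAAA'} NXDOMAIN" for i in range(16)]
    + ["105 198.51.100.7 mail.victim.example. A NOERROR"]
)


def find_nx_floods(log_text, window=WINDOW_S, limit=MAX_DISTINCT_NX):
    """Return {source_ip: peak count of distinct NXDOMAIN names per window}
    for every source that exceeded `limit` within `window` seconds."""
    recent = defaultdict(deque)  # source_ip -> (timestamp, qname) pairs in window
    peaks = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, src, qname, qtype, rcode = fields
        if rcode != "NXDOMAIN" or qtype not in ("A", "AAAA"):
            continue  # only address lookups for names that do not exist
        ts = int(ts)
        q = recent[src]
        q.append((ts, qname.lower()))
        while q[0][0] <= ts - window:  # expire entries older than the window
            q.popleft()
        distinct = len({name for _, name in q})
        if distinct > limit:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks


if __name__ == "__main__":
    for src, peak in find_nx_floods(SAMPLE_LOG).items():
        print(f"{src}: {peak} distinct nonexistent names within {WINDOW_S}s")
```

Counting distinct names rather than raw queries keeps a client that retries one mistyped name from being flagged, while a resolver walking a long list of fake name servers stands out.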

Protecting Against DDoS Attacks

An organization’s web presence is vital to its ability to do business. Customers increasingly prefer to browse and potentially make purchases online rather than visit physical stores. Additionally, many organizations are moving some or all of their customer service functionality to their website due to the increased scalability that it provides.
Cybercriminals have several different methods by which they can take a website offline via DDoS attacks. Attackers can either attack the website directly by sending requests to the web application or target the DNS infrastructure that the website relies upon to route visitors’ traffic to its web servers. As DDoS attacks become easier and cheaper to perform, they are likely to become even more common. Ensuring the availability of the company web presence requires deployment of robust DDoS mitigation solutions capable of identifying and blocking a range of different DDoS attacks.
