DNS Amplification DoS Attacks

Yes, I know: It’s been a while. A long while. I’m back for now, but have no idea how often I will get to post new articles. Currently, work gets the better part of me. Family gets another big chunk. Then I have this idea for a web page which I’m currently developing… All in all, I’m pretty busy. Nevertheless I’d love to keep on blogging a bit, since I learned so much during the time I did it, simply by researching my articles and looking for things to write about.

Anyhow, I recently read about this DoS attack involving DNS amplification (unfortunately I can’t find the link at the moment). I found this a really interesting concept and quite a danger for UDP services. The attack works because a DNS query of a few dozen bytes can elicit a response of several kilobytes: an ANY query carrying an EDNS0 OPT record (which tells the server the client accepts UDP responses far larger than the classic 512-byte limit) against a zone with many or large records, DNSSEC signatures included, easily yields an answer fifty to a hundred times the size of the question.

Since DNS normally runs over UDP, there is no handshake, and an attacker can put any source address he likes on the query. The (large) DNS response is then delivered not to the attacker but to whatever address he chose. With a list of recursive resolvers that answer queries from anyone, a small number of hosts sending forged queries can direct many times their own bandwidth at the victim, and the flood arrives from legitimate DNS servers, so the victim never sees the attacker’s address at all. The victim can have the upstream provider filter traffic from the offending servers, but cannot stop the responses from being generated; the root causes are networks that let spoofed packets out (no ingress filtering, see BCP 38) and resolvers that recurse for arbitrary clients.
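To make the two halves of the attack concrete, here is an added example (my code, not from the article I read): it builds a real wire-format ANY query with an EDNS0 OPT record, pairs it with a constructed response to compute the byte amplification factor, and then runs a simple check over constructed flow records to spot a host that is receiving DNS answers from resolvers it never queried, which is what reflected traffic looks like from the victim’s side. The zone name, record contents, IP addresses and byte counts are all made up for the example, and nothing is sent on the network.

```python
"""Added example (not from the original post): measure the amplification a
DNS ANY+EDNS0 query can achieve and flag reflected traffic in flow records.
All packets and flow records below are constructed in-line; nothing is sent."""
import struct
from collections import defaultdict

TYPE_TXT, TYPE_OPT, TYPE_ANY, CLASS_IN = 16, 41, 255, 1


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=TYPE_ANY, edns_udp_size=4096, txid=0x1234):
    """Minimal query: header, one question, one EDNS0 OPT RR.

    The OPT RR advertises that the sender accepts UDP responses up to
    edns_udp_size bytes; without it a server would truncate at 512 bytes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT: root name, TYPE=41, CLASS field = UDP payload size,
    # TTL field = extended rcode/version/flags (all zero), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def build_response(query, txt_records):
    """Constructed response: echoes the question and answers with TXT RRs.

    Stands in for what an open resolver with a large zone would return;
    the record contents are invented for this example."""
    (txid,) = struct.unpack("!H", query[:2])
    qname_end = query.index(b"\x00", 12) + 1          # end of the QNAME
    question = query[12:qname_end + 4]                # QNAME + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_records), 0, 0)  # QR RD RA
    answers = b""
    for text in txt_records:
        data = bytes([len(text)]) + text.encode("ascii")   # one <character-string>
        # 0xC00C is a compression pointer to the name at offset 12 (the question)
        answers += struct.pack("!HHHIH", 0xC00C, TYPE_TXT, CLASS_IN, 300, len(data)) + data
    return header + question + answers


def amplification_factor(query, response):
    """Bytes-based amplification factor (UDP payload only, headers excluded)."""
    return len(response) / len(query)


# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
SAMPLE_FLOWS = [
    # a normal client: one query out, one answer back
    ("192.0.2.10", 53021, "198.51.100.1", 53, 40),
    ("198.51.100.1", 53, "192.0.2.10", 53021, 180),
    # the victim: large answers from several resolvers it never asked
    ("198.51.100.1", 53, "192.0.2.99", 40000, 3900),
    ("198.51.100.2", 53, "192.0.2.99", 40001, 3950),
    ("198.51.100.3", 53, "192.0.2.99", 40002, 3880),
]


def flag_reflection_victims(flows, ratio_threshold=10.0):
    """Report hosts whose inbound UDP/53 bytes dwarf the query bytes they sent.

    A reflection victim receives answers to queries it never made, so its
    inbound:outbound DNS byte ratio is huge (infinite if it sent nothing)."""
    sent = defaultdict(int)       # host -> bytes sent to port 53
    received = defaultdict(int)   # host -> bytes received from port 53
    for src, sport, dst, dport, nbytes in flows:
        if dport == 53:
            sent[src] += nbytes
        if sport == 53:
            received[dst] += nbytes
    flagged = {}
    for host, rx in received.items():
        tx = sent.get(host, 0)
        ratio = rx / tx if tx else float("inf")
        if ratio >= ratio_threshold:
            flagged[host] = ratio
    return flagged


if __name__ == "__main__":
    q = build_query("example.com")
    r = build_response(q, ["x" * 200] * 18)   # 18 TXT records, stays under 4096 bytes
    print(f"query {len(q)} bytes, response {len(r)} bytes, "
          f"factor {amplification_factor(q, r):.1f}x")
    print("reflection victims:", flag_reflection_victims(SAMPLE_FLOWS))
```

The 40-byte query against a made-up response of 18 TXT records gives a factor of roughly 96x, which is the order of magnitude that makes the attack worthwhile for the sender. The flow check is deliberately crude (byte ratio per host, no transaction-ID matching), but it already separates the normal client from the host that gets answers without ever having asked.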

Luckily, this only works for connectionless protocols: over TCP the handshake never completes for a spoofed source address, so nothing gets reflected. But any UDP service that answers a small request with a large reply has the same problem, and DNS is simply the most widespread one, so still…
