DNS Amplification Attacks - Techist - Tech Forum

Go Back   Techist - Tech Forum > Internet > Computer Networking and Internet Hardware > Networking Tips, Tricks & FAQ
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 05-04-2006, 04:17 PM   #1 (permalink)
It's all just 1s and 0s
 
office politics's Avatar
 
Join Date: Jan 2004
Location: in the lab
Posts: 6,555
Send a message via MSN to office politics
Default DNS Amplification Attacks

DNS Amplification Attacks
Preliminary release
Randal Vaughn and Gadi Evron
March 17, 2006


Abstract

This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive
Domain Name System (DNS) name servers using spoofed UDP packets.
Our study is based on packet captures and logs from attacks reported to have a volume of 2.8Gbps. We
study this data in order to further understand the basics of the reported recursive name server
amplification attacks which are also known as DNS amplification or DNS reflector attacks. One of the
networks under attack, Sharktech, indicated some attacks have reached as high as 10Gbps and used as
many as 140,000 exploited name servers. In addition to the increase in the response packet size, the
large UDP packets create IP protocol fragments. Several other responses also contribute to the overall
effectiveness of these attacks.

The risks involved with the recursive name server feature, as well as those of packet spoofing are well
known, yet have been treated more as a theoretical issue. The attack under study was anticipated as
early as 2002 (gnupg 2002). Earlier attacks using queries to non-authoritative servers were for a
reflection attack usingMX records (Mirkovic, Dietrich, Dittrich. and Reiher). To our knowledge, this
is the first documentation of a new form of a recursive name server reflection attack designed to use
the significantly larger data amplification available from the extended capabilities of extended DNS
standards . In addition to this attack technique, recursion can be leveraged for other uses such as theft
of DNS resources (CERT UNI-Stuttgart 2003).
office politics is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 02:42 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.