What is a DNS Amplification Attack?
DNS Attack Description:
A prevalent type of DDoS attack is the Domain Name System (DNS) reflection-based amplification attack. The attacker sends DNS requests to open DNS resolvers on the Internet with the source IP address spoofed to that of the target. The resolvers send their responses, which are many times larger than the requests, to the target instead of to the attacker, overwhelming it with unsolicited traffic while the attacker spends very little bandwidth of its own.
Very small DNS requests can elicit very large responses; the ratio of response size to request size is the amplification factor. Requests that elicit the largest answers give the highest leverage, for example ANY queries against a zone with many records, or requests that advertise a large EDNS0 UDP buffer so that the answer is not truncated at the classic 512-byte limit.
The attack depends on IP source-address spoofing, not on DNS cache poisoning (sometimes also called DNS spoofing), which is a different attack that plants false records in a resolver's cache. In the amplification attack the attacker spoofs the address of the victim's DNS infrastructure, so all of the reflected and amplified responses flood the victim's DNS server, which usually takes it offline. Because each reflected packet is a well-formed DNS response from a legitimate resolver, inspecting packets one at a time with deep packet inspection does not reliably identify the attack; what distinguishes it is behaviour, such as responses arriving for which no query was ever sent, or an abnormal rate and size of inbound DNS responses.
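As an added example that is not part of the original page, the following Python builds DNS queries and responses in wire format to show where the amplification factor described above comes from (an ANY query advertising an EDNS0 buffer versus a plain 512-byte-limited query against the same constructed record set), and then applies the behavioural check that per-packet inspection lacks: matching inbound responses against the queries the victim actually sent. The zone name example.test, the RFC 5737 documentation addresses, the record sizes and the traffic sample are all constructed for illustration and do not come from the page or from any vendor product.

```python
"""Added example (not from the original page): a minimal DNS wire-format
builder used to (1) measure the amplification factor of a query/response
pair and (2) flag reflected responses that no local query solicited.
All addresses, names and record payloads are constructed for illustration."""
import struct
from typing import List, Optional, Tuple

QTYPE = {"A": 1, "TXT": 16, "RRSIG": 46, "DNSKEY": 48, "ANY": 255}
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: length byte + label, ending with 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: str, edns_udp_size: Optional[int] = 4096) -> bytes:
    """Build a recursive query; edns_udp_size adds an EDNS0 OPT record (RFC 6891)
    whose CLASS field advertises the UDP payload size the sender will accept."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)
    pkt = header + question
    if edns_udp_size:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP size, TTL = extended flags, RDLEN 0
        pkt += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return pkt


def build_response(query: bytes, rrs: List[Tuple[int, bytes]]) -> bytes:
    """Answer `query` with the given (type, rdata) records, honouring the UDP size
    the query advertised (512 bytes without EDNS0). Records that do not fit are
    dropped and TC is set, which is what limits pre-EDNS0 amplification.
    (A real resolver would also echo an OPT record; omitted here for brevity.)"""
    txid, flags, _qd, _an, _ns, arcount = struct.unpack("!HHHHHH", query[:12])
    i = 12
    while query[i] != 0:            # walk the labels to the end of QNAME
        i += query[i] + 1
    i += 1 + 4                      # terminator, QTYPE, QCLASS
    question = query[12:i]
    udp_limit = 512
    if arcount:                     # CLASS of the OPT record = advertised UDP size
        udp_limit = struct.unpack("!H", query[i + 3:i + 5])[0]
    resp_flags = FLAG_QR | (flags & FLAG_RD) | FLAG_RA
    body, included = b"", 0
    for rtype, rdata in rrs:
        # 0xC00C = compression pointer to the name in the question at offset 12
        rr = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
        if 12 + len(question) + len(body) + len(rr) > udp_limit:
            resp_flags |= FLAG_TC
            break
        body += rr
        included += 1
    return struct.pack("!HHHHHH", txid, resp_flags, 1, included, 0, 0) + question + body


def is_truncated(response: bytes) -> bool:
    return bool(struct.unpack("!H", response[2:4])[0] & FLAG_TC)


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes the reflector sends to the victim per byte the attacker sends."""
    return len(response) / len(query)


# Constructed record set for a hypothetical zone "example.test". The rdata bytes
# are placeholders sized like real records, not valid DNSKEY/RRSIG encodings.
BIG_RRS = (
    [(QTYPE["A"], bytes([198, 51, 100, n])) for n in (1, 2, 3)]   # three A records, 4 bytes each
    + [(QTYPE["TXT"], b"\xfe" + b"v" * 254)]                      # one 255-byte TXT
    + [(QTYPE["DNSKEY"], b"\x01" * 260)] * 2                      # two DNSKEY-sized blobs
    + [(QTYPE["RRSIG"], b"\x02" * 150)] * 2                       # two RRSIG-sized blobs
)


def find_unsolicited(packets: List[Tuple[str, str, bytes]], victim_ip: str) -> List[Tuple[str, int]]:
    """Stateful check: remember (peer, txid) of queries the victim sent; an inbound
    response with no matching query is reflected traffic. Returns (source, bytes)."""
    outstanding = set()
    flagged = []
    for src, dst, payload in packets:
        txid, flags = struct.unpack("!HH", payload[:4])
        is_response = bool(flags & FLAG_QR)
        if src == victim_ip and not is_response:
            outstanding.add((dst, txid))
        elif dst == victim_ip and is_response:
            if (src, txid) in outstanding:
                outstanding.discard((src, txid))
            else:
                flagged.append((src, len(payload)))
    return flagged


# Constructed traffic sample (RFC 5737 documentation addresses): one legitimate
# exchange, then three reflected responses to a spoofed ANY query the victim never sent.
VICTIM = "203.0.113.10"
_legit_q = build_query(0x1234, "example.test", "A", None)
_spoofed_q = build_query(0xBEEF, "example.test", "ANY", 4096)
SAMPLE_PACKETS = [
    (VICTIM, "198.51.100.5", _legit_q),
    ("198.51.100.5", VICTIM, build_response(_legit_q, [(QTYPE["A"], bytes([198, 51, 100, 1]))])),
] + [(ref, VICTIM, build_response(_spoofed_q, BIG_RRS))
     for ref in ("198.51.100.7", "198.51.100.8", "198.51.100.9")]

if __name__ == "__main__":
    for edns in (None, 4096):
        q = build_query(0xBEEF, "example.test", "ANY", edns)
        r = build_response(q, BIG_RRS)
        print(f"EDNS0={edns}: query {len(q)} B, response {len(r)} B, "
              f"factor {amplification_factor(q, r):.1f}x, truncated={is_truncated(r)}")
    print("unsolicited responses:", find_unsolicited(SAMPLE_PACKETS, VICTIM))
```

Against this constructed record set the plain query is 30 bytes and is answered with a 345-byte truncated response (about 11x), while the same query with a 4096-byte EDNS0 buffer is 41 bytes and draws the full 1213-byte answer (about 30x), which is why attackers pair ANY with EDNS0. The `find_unsolicited` check has to run where the victim's own outbound queries are visible (its edge or the DNS server itself), since it relies on remembering transaction IDs per peer; on a real capture, feed it (src, dst, UDP payload) tuples for port 53 traffic.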
HOW TO PROTECT AGAINST A DNS ATTACK:
A method to mitigate a DNS Amplification Attack in real time is Corero's SmartWall Appliance. The SmartWall is capable of mitigating a wide range of DDoS attacks while maintaining full connectivity, so that the delivery of legitimate traffic is not disrupted.