Lecture 13: DNS Denial of Service Flashcards
What are denial of service attacks?
A DoS attack overwhelms the target's networking or computing infrastructure, resulting in their application becoming inaccessible
What is DNS flooding?
Floods the DNS server with requests to the point that it becomes unresponsive
Why target DNS servers?
- Taking down a DNS server potentially takes down all websites served by that name server
- DNS servers may not be as armored in terms of security as the actual web server might be
- DNS is typically a fast protocol, so delays can be noticeable to end users
What are the results of DNS flooding?
DNS requests by users may go unanswered, and users who don't have the DNS info cached won't be able to connect to your service
What are the major problems with using the connectionless UDP protocol?
Almost all info in UDP messages can be spoofed
What is the NXDomain problem?
Attacker requests non-existent domains to maximize resource usage
Forces the DNS server to search the entire DNS table for a match, using up valuable time and memory to do so
How can you prevent DNS flooding?
- Redundancy: Use more than one name server
- Third-party traffic monitoring
What is ICMP flooding?
Attacker sends fake pings with ICMP to many servers using the victim's IP address as the source
Servers respond to the pings, sending all traffic to the victim and overwhelming their connection
What is a DNS Amplification Attack or DNS reflection?
Attacker makes DNS requests using the victim's IP address as the source IP,
resulting in the DNS responses being directed to the victim
What are the benefits of amplification for the attacker?
- Helps minimize the amount of bandwidth the attacker needs to use
- Increases efficiency in bandwidth use
- Helps hide the attacker
How is amplification calculated?
Response size / Request size
What does an amplification factor of 1 mean?
The request and response are the same size
How can you defend against amplification?
Not much can be done unless you:
- Disable DNS/port 53
- Use a third-party firewall