DNS servers are the traffic cops of the internet: They get everybody where they need to go. If DNS servers go down, users can’t reach the sites they need. If you’re a business, a DNS failure can stop you in your tracks and send your customers fleeing to your competitors.
DNS servers are critical – the internet wouldn’t function without them – but they can be used against you, too. Those same DNS servers that keep your business running can be exploited by hackers to launch massive DDoS attacks. These hackers can use open DNS servers to generate a flood of queries whose responses can quickly take the victim’s server offline.
Think of it like a fraudulent pyramid scheme. Let’s say you have a con artist who targets 10 potential victims every day. But then, let’s say you get each of those 10 victims to target 10 more potential victims…and so on. The number of potential victims increases exponentially. That’s amplification, and it’s exactly what happens when hackers launch a DNS-based DDoS attack.
Sometimes, hackers will use an array of vulnerable DNS servers to overwhelm a victim’s server with traffic. Instead of being limited to the number of queries they can send out on their own, they enlist a bunch of unwitting DNS servers to do it for them: amplification. And, if they intentionally design the queries to elicit a large number of responses, the impact is even greater.
Another way hackers use DNS servers to launch DDoS attacks is by flooding the servers with requests for non-existent websites. The servers keep sending requests that are never answered. All of those open requests gobble up resources. And, if the server is caching the bogus results, resources are depleted even faster.
Hackers can also bring down a DNS server by flooding it with fake responses. This keeps the server busy with what is essentially “junk mail,” tying up resources that would otherwise be used for legitimate business purposes.
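As an added defensive illustration (not part of the original post), the script below flags the two patterns described above in a DNS log: one client address that is the apparent source of many large-response queries (the spoofed victim of an amplification attack, which is why the answer is response rate limiting rather than blocking), and a zone receiving a random-subdomain flood that mostly fails with NXDOMAIN. The log format, the sample log, the thresholds and the two-label zone assumption are all my own constructions, not any product’s native format.

```python
"""Flag DNS amplification abuse and NXDOMAIN floods in a simplified log.

Constructed log format (assumption, not a real server's format):
    <client_ip> <qname> <qtype> <rcode>
"""
from collections import Counter, defaultdict

# Constructed sample: 6 ANY queries "from" one spoofed victim address
# (amplification) and 8 random-subdomain lookups that return NXDOMAIN.
SAMPLE_LOG = "\n".join(
    ["203.0.113.9 example.net ANY NOERROR"] * 6
    + [f"198.51.100.{i} x{i}q.victim.example A NXDOMAIN" for i in range(8)]
    + ["198.51.100.20 www.victim.example A NOERROR",
       "192.0.2.7 mail.example.org MX NOERROR"]
)

HEAVY_QTYPES = {"ANY", "TXT", "DNSKEY"}  # query types that yield large answers


def parse_log(text):
    """Return one (client, qname, qtype, rcode) tuple per well-formed line."""
    return [tuple(p) for p in (ln.split() for ln in text.splitlines()) if len(p) == 4]


def amplification_suspects(records, min_queries=5):
    """Clients 'sending' many large-response queries. With a spoofed source
    the client is the likely victim, so rate-limit responses, don't block."""
    hits = Counter(c for c, _, qt, _ in records if qt in HEAVY_QTYPES)
    return {c: n for c, n in hits.items() if n >= min_queries}


def nxdomain_flood_zones(records, min_nxdomain=5, min_ratio=0.5):
    """Zones where most queries fail with NXDOMAIN across many distinct
    names: the signature of a random-subdomain flood."""
    total, nx, names = Counter(), Counter(), defaultdict(set)
    for _, qname, _, rcode in records:
        # Assumption: the zone is the last two labels of the queried name.
        zone = ".".join(qname.lower().rstrip(".").split(".")[-2:])
        total[zone] += 1
        if rcode == "NXDOMAIN":
            nx[zone] += 1
            names[zone].add(qname.lower())
    return {z: {"nxdomain": nx[z], "distinct_names": len(names[z])}
            for z in nx if nx[z] >= min_nxdomain and nx[z] / total[z] >= min_ratio}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(amplification_suspects(recs))  # {'203.0.113.9': 6}
    print(nxdomain_flood_zones(recs))    # {'victim.example': {'nxdomain': 8, 'distinct_names': 8}}
```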
If that sounds like a lot of trouble for hackers to go to, it isn’t. These attacks are surprisingly easy and inexpensive to carry out, which is why they’re so common. According to an article in SC Magazine, 66 percent of U.S. organizations have experienced a DNS attack in the last 12 months. The survey, which included 300 IT decision-makers from companies with at least 1,000 employees, also revealed that 74 percent of the respondents who reported a DNS attack had experienced a DDoS attack aimed at slowing down their network or taking it completely offline.
Those statistics reveal the startling truth that, if you haven’t yet been the victim of a DDoS attack, you’re in the minority. Shawn Marck, CSO of cybersecurity company Black Lotus, agrees. “You will, eventually, be the target of a DDoS attack,” he explains. “It’s inevitable. Nobody is too big, nobody is too small, and nobody is too obscure. Sometimes it’s an unsatisfied customer; sometimes it’s a disgruntled employee. And, a lot of times, it’s just somebody who’s bored and wants to prove that they can do it. And when you’re dealing with people who commit cybercrime as entertainment, there doesn’t have to be a reason. If you’re online, you’ll eventually be targeted.”
Tags: Amplification attacks, Application Layer DDoS, DDoS attacks, DDoS mitigation, DDoS protection, DNS-based DDoS
By Frank Ip, Wednesday, February 25, 2015