We're hearing a lot about DoS attacks that target DNS servers. Should we be concerned, and if so, how can we protect our network?
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
Yes, you should be concerned. These powerful attacks use DNS servers to amplify the traffic generated in a denial of service flood. To prevent this, configure your DNS servers to perform recursive look-ups for only your other DNS servers, not for any person on the Internet. That will reduce the chance that attackers can load large records into your DNS server's cache and use you as a flooding amplifier. Also, make sure you have an adequate amount of bandwidth for your critical Internet connections. A single T1 can be easily exhausted by any script kiddie these days, so go for more if you can afford it. Make sure you have your ISP's emergency phone number on hand in advance, so that in the event of an attack, you'll be able to call for throttling help quickly.
Finally, some ISPs are deploying flood auto-detecting and auto-blocking technologies to help find traffic patterns of floods and thwart the attack before the ISP's customers notice. Ask your ISP what technologies they are using and emphasize your need for such protection.
To learn more about this attack, read this paper, http://www.isotf.org/news/DNS-Amplification-Attacks.pdf.
This was first published in May 2006