Ask the Expert

How to protect the network from DoS attacks

We're hearing a lot about DoS attacks that target DNS servers. Should we be concerned, and if so, how can we protect our network?

    Requires Free Membership to View

Yes, you should be concerned. These powerful attacks use DNS servers to amplify the traffic generated in a denial of service flood. To prevent this, configure your DNS servers to perform recursive look-ups for only your other DNS servers, not for any person on the Internet. That will reduce the chance that attackers can load large records into your DNS server's cache and use you as a flooding amplifier. Also, make sure you have an adequate amount of bandwidth for your critical Internet connections. A single T1 can be easily exhausted by any script kiddie these days, so go for more if you can afford it. Make sure you have your ISP's emergency phone number on hand in advance, so that in the event of an attack, you'll be able to call for throttling help quickly.

Finally, some ISPs are deploying flood auto-detecting and auto-blocking technologies to help find traffic patterns of floods and thwart the attack before the ISP's customers notice. Ask your ISP what technologies they are using and emphasize your need for such protection.

To learn more about this attack, read this paper, http://www.isotf.org/news/DNS-Amplification-Attacks.pdf.

This was first published in May 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: