Problem solve Get help with specific problems with your technologies, process and projects.

How to protect the network from DoS attacks

In this Ask the Expert Q&A, our security threat expert, Ed Skoudis, discusses how a new type of DoS attack operates and what you can do to protect your network.

We're hearing a lot about DoS attacks that target DNS servers. Should we be concerned, and if so, how can we protect our network?
Yes, you should be concerned. These powerful attacks use DNS servers to amplify the traffic generated in a denial of service flood. To prevent this, configure your DNS servers to perform recursive look-ups for only your other DNS servers, not for any person on the Internet. That will reduce the chance that attackers can load large records into your DNS server's cache and use you as a flooding amplifier. Also, make sure you have an adequate amount of bandwidth for your critical Internet connections. A single T1 can be easily exhausted by any script kiddie these days, so go for more if you can afford it. Make sure you have your ISP's emergency phone number on hand in advance, so that in the event of an attack, you'll be able to call for throttling help quickly.

Finally, some ISPs are deploying flood auto-detecting and auto-blocking technologies to help find traffic patterns...

of floods and thwart the attack before the ISP's customers notice. Ask your ISP what technologies they are using and emphasize your need for such protection.

To learn more about this attack, read this paper, http://www.isotf.org/news/DNS-Amplification-Attacks.pdf.

This was last published in May 2006

Dig Deeper on DDoS attack detection and prevention