Computer ForumsComputers  

Go Back   Computer Forums > PC Technology Zone > Computer Networking & Internet Access > Networking Tips, Tricks & FAQ

Reply
 
LinkBack Thread Tools Display Modes
Old 05-04-2006, 03:17 PM   #1 (permalink)
Dope Tech
 
Join Date: Jan 2004
Posts: 3,589
Send a message via ICQ to office politics Send a message via AIM to office politics Send a message via Yahoo to office politics
Default DNS Amplification Attacks

DNS Amplification Attacks
Preliminary release
Randal Vaughn and Gadi Evron
March 17, 2006


Abstract

This paper outlines a Distributed Denial of Service (DDoS) attack which abuses open recursive
Domain Name System (DNS) name servers using spoofed UDP packets.
Our study is based on packet captures and logs from attacks reported to have a volume of 2.8Gbps. We
study this data in order to further understand the basics of the reported recursive name server
amplification attacks which are also known as DNS amplification or DNS reflector attacks. One of the
networks under attack, Sharktech, indicated some attacks have reached as high as 10Gbps and used as
many as 140,000 exploited name servers. In addition to the increase in the response packet size, the
large UDP packets create IP protocol fragments. Several other responses also contribute to the overall
effectiveness of these attacks.

The risks involved with the recursive name server feature, as well as those of packet spoofing are well
known, yet have been treated more as a theoretical issue. The attack under study was anticipated as
early as 2002 (gnupg 2002). Earlier attacks using queries to non-authoritative servers were for a
reflection attack usingMX records (Mirkovic, Dietrich, Dittrich. and Reiher). To our knowledge, this
is the first documentation of a new form of a recursive name server reflection attack designed to use
the significantly larger data amplification available from the extended capabilities of extended DNS
standards . In addition to this attack technique, recursion can be leveraged for other uses such as theft
of DNS resources (CERT UNI-Stuttgart 2003).
__________________
Tech IMO.com | ExtremeTech.com | ASP Free.com | SysOpt.com | Tech Support Guy.org
DB Forums.com | Cyber Tech Help.com | Lazy Forums.com | Warrior Nation.net

'If you don't stand for somethin you'll fall for anything' - Dr. Dre Been there, done that
office politics is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 02:13 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0