DNS - New weapon of mercenary DDOS

Increasingly, cyber criminals are using denial-of-service attacks to take down rivals and sabotage online businesses to order.

Source: Pctipp

By taking advantage of DNS servers, which are considered the Internet's directories, hackers have amplified the power of DDOS attacks to the maximum, and their targets are left with no means of resistance.

Earlier this year, VeriSign tasted "pain" when its network was hit by a wave of attacks of unprecedented scale. It wasn't until last week that VeriSign discovered that these "bullets" didn't come from the usual botnet computers. Instead, they came from DNS domain name servers.

New weapons, new forms

"DNS is now a new DDOS weapon," said security expert Dan Kaminsky. Along with the new weapon, denial-of-service attacks have also changed a great deal, from their targets to their level of difficulty. "Now, even those who do not have slave computers to dictate to can go ahead."

Whether it uses a botnet or DNS servers, the outcome for the target system (possibly a Web server, name server or mail server) is the same - it is swept away by a huge stream of data, gathered simultaneously from many places on the Internet. As a result, the victim's website cannot be accessed in any form, or hangs while trying to handle the data that comes back.

Quick questions - quick answers

Why can DNS be exploited to implement DDOS?
Up to 75% of DNS servers are too open to requests from the Net. This request response feature needs to be disabled by the administrator as soon as possible.

How is a DDOS attack carried out using DNS?
First, hackers use a botnet to send multiple requests to an "open" DNS server. These requests are cleverly forged so that the DNS server thinks they come from the target being attacked. The DNS server then responds to the target address itself and floods it.

How much does DNS amplify the attack?
A request from the bot network can be amplified up to 70 times by a small DNS server.

Why does using DNS help protect hackers?
Because the data traffic flooding the victim comes not from the hackers' botnet but from the DNS servers. It is hard to trace the attack back to the real culprit's network.

Why can't this form of attack be prevented?
Because DNS plays a vital role on the Internet. If a company blocks its own DNS server, legitimate users will no longer be able to send email or access its website.

Denial-of-service attacks were once the "toy" of bored individuals who considered taking down websites a pastime. But now, DDOS attacks are sometimes carried out by cyber criminals to blackmail e-commerce businesses, especially high-value businesses like gambling sites or xxx. If a business refuses to pay them a sum of money, its website is flooded by DDOS.

In other cases, it is competitors of the target website that hire hackers to conduct DDOS attacks, of course in secret.

Unlike slave computers, DNS servers are "good and valuable citizens" of the Internet. This system plays an essential role in connecting Web users together, mapping text domain names such as www.cnet.com to the numerical IP addresses that computers use.

In the new attack, hackers often use a botnet to send multiple requests to open DNS servers at the same time. These requests are cleverly forged so that the DNS server thinks they come from the target (the one to be flooded with data). Following its normal process, the DNS server responds (resolving the address to an IP number) to that network address, and all of the address resolution traffic converges on the victim.

Using DNS servers has a lot of benefits for attackers. They not only hide their true systems, making it difficult for the victim to trace the source of the attack, but more importantly, the DNS servers amplify the power of the attack dozens of times compared to the botnet alone.

Dirty form

Using DNS servers to amplify attack intensity can be compared to stuffing someone's mailbox by writing lots of letters and sending them. However, mail is very easy to trace and, moreover, writing it costs you a lot of time.

A more efficient way is to send out a series of reply postcards (like those in magazines), with the sender address pre-filled as that of the target being attacked. The DNS server will be tricked and it will respond to that request.

It is often possible to block DDOS attacks from botnets by blocking the flow of data sent from zombie computers (zombie identification is possible). However, blocking requests from DNS servers is a much bigger headache, because DNS servers play a huge role in the normal operation of the Internet. If you block the traffic (going and coming) of your DNS server, you will inadvertently prevent legitimate users from sending email or visiting websites.

"That's the reason why this form of attack is so dirty," said Rob Fleischman, chief technology officer at Simplicita. "Certainly in the future, the DNS system will be abused, and we need to have more security control mechanisms for DNS."

Can't be lazy

There are about 7.5 million active DNS servers. The number of "hospitable" servers, ready to accept any outside request, cannot be estimated precisely: it could be 600,000, or it could be 5 or 6 million devices.

The advice from security experts is that organizations running DNS servers should immediately turn off the "recursive" feature mentioned above, or adjust the security settings so that only authorized people have access to this feature. Targets of DDOS attacks can protect themselves by applying special defense technologies from firms like Prolexic Technologies.
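
For administrators who want to verify that advice on their own server, the following added example (not part of the original article) builds a recursive query and classifies the reply from the RA flag and response code in the DNS header. The function names, the default name example.com and the sample packets are assumptions constructed for illustration; run check_server against your own server from an address that should not be authorized, using a name the server is not authoritative for.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flags: response / recursion desired / available
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Decide from the 12-byte DNS header whether the server recursed for us."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & QR:          # wrong ID, or not a response at all
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "closed (REFUSED)"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open (recursive answer returned)"
    if flags & RA:
        return "recursion offered (RA set, rcode %s)" % RCODES.get(rcode, rcode)
    return "closed (no recursion available)"

def check_server(server_ip, name="example.com", timeout=3.0):
    """Send one query to your own server and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "closed (no reply)"
    return classify_response(data)

# Constructed sample response headers (not captured traffic).
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)       # QR+RD+RA, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR+RD, rcode 5
SAMPLE_NO_RECURSION = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 0, 0)  # QR+RD, RA clear

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED),
                       ("no recursion", SAMPLE_NO_RECURSION)]:
        print(label, "->", classify_response(pkt))
```

A result of "open" from an outside address means the server will resolve names for anyone and should have recursion turned off or restricted.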

DNS is being exploited more and more widely in DDOS attacks, and administrators can no longer be lazy and ignore it.

Thien Y