DDoS attackers attempted to bring down an Banking services earlier this week using one of the largest Distributed denial of service attack using DNS reflection technique.
Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced that it has successfully mitigated the largest DNS reflection attack ever recorded, which peaked at 167 Gigabits per second (Gbps). The company did not name the target of the digital assault.
DNS-reflection was the attack method used in Operation Stophaus, an attack waged in March by The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam. When Spamhaus was assaulted by a vast 300Gbps peak DNS reflection attack, it engaged the help of a content delivery network (CDN) called CloudFlare to help defend itself.
The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target.
The target of the attack receives replies from all the DNS servers that are used. This type of attack makes it very difficult to identify the malicious sources.
Prolexic’s digital forensics confirmed that 92 percent of the machines participating in the attack were open DNS resolvers, sourcing from port 53, which represented a malformed DNS response. The security provider recommends that all organizations proactively validate their DDoS mitigation service to reduce possible downtime, despite the size of the attack.
Many services can be exploited to act as reflectors, some harder to block than others. DNS amplification attack involve a new mechanism that increased the amplification effect, using a much larger list of DNS servers than seen earlier.
About the Author: