Amplified DNS threat to your business
13th November 2006
DNS is critical for any organisation - ensuring external availability to your services and providing a reliable infrastructure for your internal users are both Business Critical factors for any organsiation. Failure to have correctly deployed and configured DNS can have significant impact on your network.
A recent survey has found that in 50% of cases DNS servers allow recursive name resolution that often requires a name server to relay requests to other name servers. Although this is not necessarily a bad thing, it can open the company's users to phishing attacks (as the banking and other sites visited by users can be identified).
There are now DDoS attacks that use open DNS servers as amplifiers, sending small packets to a computer that then sends large packets to the victim, making it possible to send more data to the victim. DNS request packets (typically 75 bytes) are sent with a forged (in this case that of the victim) source IP address. The responses can be up to 4000 bytes - an amplification of over 50 times . The response packet is sent back to the victim.
To put this into context - a single dialup machine can cause 2Mbps traffic to be directed at a remote host flooding the connection.
Imerja is very experienced in the deployment and securing of DNS infrastructures, and would be happy to review your DNS infrastructure to ensure that your systems are not open for abuse. To find out more, or for an informal discussion about the potential threats and how to best address them, please contact us at firstname.lastname@example.org, or simply click on our "Ask the Expert" link.