DNS recursion leads to nastier DoS attacks
Published: 17 Mar 2006 10:05 GMT
A new kind of denial-of-service (DoS) attack has emerged that delivers a heftier blow to organisations' systems than previously seen DoS threats, according to VeriSign's security chief.
The new DoS attacks first emerged in late December and kicked into high gear in January, before dying down four weeks ago, said Ken Silva, VeriSign's chief security officer. In less than two months, 1,500 separate IP addresses were attacked using this method, he noted.
"These attacks have been significantly larger than anything we've seen," he said.
Under a more common distributed DoS (DDos) attack, a botnet — a network of compromised PCs being remotely controlled — directly inundates a victim's Web server, name server or mail server with a multitude of queries. The goal of a DoS attack is to crash the victim's system or take their Web site offline, as either tries to respond to the requests.
But in this latest spate of DDoS attacks, bots are sending queries to DNS servers with the return address pointed at the targeted victim. As a result, the DNS server, rather than the bot, makes the direct attack on the victim. The net result is a stronger attack and an increased difficulty in stopping it, Silva said.
While it is possible to stop a bot-delivered DDoS attack by blocking the bots' IP addresses, blocking queries from DNS servers would prove more difficult, Silva said. He noted that companies could reconfigure their DNS servers to prevent the so-called recursive name service feature, as a possible solution. But he added that companies may be loath to prevent potential customers, partners, researchers and others from sending queries to their DNS.
Did you find this article useful?
99 out of 181 people found this useful
- Share this article:
