DNS servers tend to be large and powerful machines with asymmetric traffic patterns, which makes them excellent tools for DDoS amplification attacks. In this Short Take, Russ takes a look at how DNS amplification works and some of the mitigating steps that can be taken to reduce the risk.
Hi Russ,
[between 2:15 – 2:30]:
> In other words, they don’t spoof a host requesting a DNS response from
> a recursive server. In most attacks, the attacker uses a TLD or authoritative
> server as their reflector.
Do you have any numbers on how often that happens, i.e. attacks misusing resolvers vs. attacks misusing authoritative servers?
Also, is there any research paper looking into this?
Thank you!
Best,
Marcin