Analysis and protection strategy of DNS DDoS attacks (i)


The DNS system, as a core service of the Internet, resolves the correspondence between domain names and IP addresses. Most of the Internet uses domain names as the main means of addressing, and a domain name, as an identity on the Internet, is a unique identifying resource that cannot be duplicated. The globalization of the Internet has made domain names a national strategic resource that marks a country's sovereignty.

The author of this article has many years of experience building and maintaining DNS systems, and attempts to describe in detail the causes, classification, attack modes and protective measures of DNS DDoS attacks.

I. Overview of DNS DDoS

1.1 What is a DNS DDoS attack

DDoS stands for distributed denial of service: denial of service is the goal, and distribution is the attack mode. A DNS DDoS attack uses every available means to prevent the DNS system from serving normal users, for example through server crashes, network congestion, or domain name invalidation.

1.2 The consequences of a DNS DDoS attack

DNS is a core service of the Internet, so the consequences of a DNS DDoS attack range from small, where leased-line users or even Internet cafes cannot get online, to large, where a well-known website is paralyzed, or the Internet of a province, a country, or even the whole world is paralyzed.

1.3 Reasons for DNS DDoS attacks

As the saying goes, "no profit, no early rising": economic benefit is the fuse. Games, * * *, e-commerce, and even malicious competition between Internet cafes are the primary causes of DNS DDoS attacks.

Secondly, since domain names have become a national strategic resource that marks a country's sovereignty, disputes between nations will inevitably revolve around DNS.

1.4 Why DNS is the preferred target for hackers

      • Clear target: most applications use domain names as their main addressing method, so paralyzing the domain name paralyzes the service;

      • Cloud computing and CDN: DNS is the foundation of cloud computing and CDN implementations, so attacking DNS is attacking cloud computing and CDN networks;

      • Open system: the DNS system must be open and uninterrupted, and anyone can send a domain name request to it;

      • Low technical threshold: DNS attack software is available everywhere, and a small program is enough to launch a DDoS attack;

      • Stealth: DNS uses the UDP protocol, which lets attackers conceal themselves well and avoid being traced;

      • Highly destructive: a DNS system does not serve only a single user or domain name, so its paralysis affects a large number of users and websites.

1.5 Why DNS DDoS attacks are difficult to protect against

      • Openness: being an open system means DNS must accept all user requests unconditionally, including DDoS attack traffic;

      • Difficult to identify: DNS attack messages are normal DNS UDP requests, which common DDoS protection equipment has difficulty identifying;

      • Multiple attack modes: attacks consume the server resources and bandwidth resources of DNS servers in many ways;

      • Collateral damage: the paralysis of a single DNS server or domain name can paralyze other DNS systems, and the dominoes may fall at any time.


To be continued: the next part describes the types of DNS DDoS attacks.


This article is from the "Scarecrow Garden" blog, please be sure to keep this source http://dcrhy.blog.51cto.com/10404722/1660788
