Analysis of DNS amplification attack principles

Source: Internet
Author: User

The attack is similar in principle to a Smurf attack.

Many DNS servers now support EDNS, an extension mechanism for DNS introduced in RFC 2671. One of its options lets a DNS server reply with more than 512 bytes while still using UDP, provided the requester indicates that it can handle a response that large. Attackers have used this to generate large volumes of traffic: by sending a query of 60 bytes to obtain a record of about 4000 bytes, an attacker can increase the traffic volume by about 66 times. Some of these attacks have produced very high traffic rates, in some cases more than 10 GB of traffic per second.

To carry out such an attack, the attacker first needs to find several third-party DNS servers that will perform recursive queries on behalf of anyone on the Internet (most DNS servers are configured this way). Because recursion is supported, the attacker can send a query to such a DNS server, which then forwards the query recursively to a DNS server chosen by the attacker. The attacker therefore sends these servers a query for a DNS record that the attacker controls on their own DNS server. Because the third-party servers are set up to recurse, they pass these requests on to the attacker's server. For this DNS amplification attack, the attacker has stored a 4000-byte text record on that DNS server.

Having added a large number of records to the caches of the third-party DNS servers, the attacker then sends DNS queries to these servers with the EDNS option set to allow large replies, and spoofs the source address so that the DNS servers believe the queries came from the IP address the attacker wants to attack. The third-party DNS servers reply with the 4000-byte text record and flood the victim with a large number of UDP packets. By sending millions of small spoofed queries to third-party DNS servers, the attacker causes them to overwhelm the victim with a large volume of DNS response packets.
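The following is an added example, not part of the original article: a defender-side check that parses a DNS query, reads the UDP payload size advertised in its EDNS OPT record, and computes the largest response-to-query ratio that query could obtain over UDP. The sample packets are constructed, and `server_cap` is a hypothetical resolver-side limit on UDP response size.

```python
import struct

OPT = 41  # EDNS pseudo-RR type; its CLASS field carries the requester's UDP payload size

# Constructed sample queries for example.com TXT (DNS payload only, no IP/UDP headers).
_HDR = "12340100000100000000"                 # ID, flags (RD), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0
_Q = "076578616d706c6503636f6d00" "00100001"  # QNAME example.com, QTYPE TXT, QCLASS IN
SAMPLE_PLAIN = bytes.fromhex(_HDR + "0000" + _Q)                            # ARCOUNT=0
SAMPLE_EDNS = bytes.fromhex(_HDR + "0001" + _Q + "0000291000000000000000")  # OPT, size 4096

def skip_name(pkt, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if n == 0:             # root label ends the name
            return off
        off += n

def advertised_udp_size(pkt):
    """UDP payload size the requester claims to accept (512 when no OPT is present)."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    qd, an, ns, ar = struct.unpack("!4H", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == OPT:
            return max(rclass, 512)            # values below 512 are treated as 512
        off += 10 + rdlen
    return 512

def worst_case_factor(pkt, server_cap=None):
    """Largest response/query byte ratio this query can obtain over UDP."""
    size = advertised_udp_size(pkt)
    if server_cap is not None:                 # hypothetical resolver-side cap (assumption)
        size = min(size, server_cap)
    return size / len(pkt)
```

The ratios count DNS payload bytes only. A resolver that caps UDP responses lowers the ratio because larger answers are truncated and must be retried over TCP, which a spoofed source address cannot complete.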
