Interpreting DNS attacks: A time bomb for future cyber security threats

2013 DDoS attack targeting DNS

March 18, 2013, the International Anti-Spam organization website Spamhaus began to suffer from DDoS attacks, to March 27, the peak attack traffic has reached 300Gbps, the history of the largest DDoS attack. The attack caused network congestion in the European region. The entrance to this attack is DNS. An attacker uses a large number of open DNS servers in the current network to easily magnify the attack traffic by 100 times times with a DNS reflection attack. The use of open DNS server for amplified DDoS attacks proves that the DNS security vulnerabilities are large. and open DNS servers on the Internet a large number of more than 30,000 units, that is, the attack on DNS can be too large to you imagine.

Open DNS server is a time bomb

An attack that has caused the entire European network to be fundamentally paralysed is enough to scare people. And this attack also makes people realize: Open DNS server is the time bomb of the Internet, if not governance, one day in the future will be a larger scale of DDoS attacks. This DDoS attack against Spamhaus only affects the normal access to the entire European Internet, and there will be a day of attacks that affect the normal access to the global network, so that the global loss is so great that we must face and solve the problem.

Analysis of current situation and trend of DDoS attack

Statistical data show that DDoS attacks against the application layer are on the rise, and DDoS attacks against HTTP applications have accounted for 89.11% of the total attack. In the future, in order to reduce the cost of attack, effectively hide the attack source, evade the security equipment, and ensure the attack effect, DDoS attack types for data centers will focus on small traffic application layer attacks and various slow attacks. In the next few years, the IPV4 network will gradually evolve to IPv6. Hybrid attacks against IPV4 and IPV6 networks will soon become a new threat to DDoS attacks, and many IPv4 and IPV6 protocol conversion gateway devices will also be targeted for DDoS attacks.

In short, DDoS attacks are the main theme of future DNS attacks.

How to do DNS protection?

Improve server anti-attack capability

DNS servers are an important part of the Internet infrastructure, and strengthening the server's ability to attack is the most effective way to withstand DDoS attacks at present. By the Nanchang State Teng Technology launched the national leading high anti-Dnsdun, using its high anti-computer room of the super hardware equipment, for the security of DNS to build a safe protection wall, at least to defend the 200Gbps attack, can defend the current majority of DDoS attacks.

Timely detection of attack warning mechanism

A feature of a DNS amplification attack is that the initial traffic request is very small and easily overlooked, and it is out of the way when it is finally discovered. Therefore, timely detection of the existence of attacks and the adoption of effective measures is the best way to resist. Dnsdun belongs to the high prevention of the computer room, the national leading technology, for network attacks have a comprehensive emergency mechanism, and arrangements for senior technical personnel 24 hours on duty, close to the network situation, once the emergence of network anomaly is the start alarm mechanism, the whole network into a defensive state, the normal operation of the network. So Dnsdun's defensive ability is very trustworthy.