DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Denial of Service Attack Stop DDoS
Attackers could abuse DNSSEC-secured domains for DDoS attacks: report
August 18, 2016

A majority or 80% of DNSSEC-secured domains could be used to amplify distributed denial of service (DDoS) attacks, at an average factor of 28.9 times, according to a recent report by Neustar which studied nearly 1,350 domains with DNSSEC deployed.

The report points out that the domains had not properly deployed DNSSEC-signing of their domains, leaving them vulnerable to DDoS attacks.

“Neustar has correctly pointed out the additional amplification factor related to misconfigured DNSSEC vs. legacy DNS, where the inclusion of the digital signature allows for a somewhat higher than a normal DNS amplification attack,” says Corero Network Security COO Dave Larson, in a statement.

“However, the point that must be stressed related to this or any other DDoS amplification vectors is that operators of any network – whether they include DNS service or not – should have their networks configured not to respond to spoofed IP requests.  In addition, DNS operators should configure their DNS servers not to respond to ‘ANY’ requests in order to squelch the opportunity for the server to be leveraged for malicious use.”

Larson adds that on the flip side, the impact to the receiving end of the attack can be especially problematic. The fragmented and amplified attack technique, utilizing DNS or DNSSEC can cause outages, downtime and potential security implications for Internet Service Providers if they are relying on out-of-band DDoS protection mechanisms. Furthermore, organizations relying on traditional IT and security infrastructure such as firewalls and load balancing equipment are no match for these attacks.

“A comprehensive in-line and automatic mitigation method for removing DDoS attacks is the recommended approach for dealing with all types of DDoS attacks – DNS and beyond,” noted Larson.

Source: http://www.networksasia.net/article/attackers-could-abuse-dnssec-secured-domains-ddos-attacks-report.1471485281

About author


Strengthening efficiency and security: Eastern Communications launches upgraded cloud services and cyber defense

A majority or 80% of DNSSEC-secured domains could ...

Read more

Mirai descendants dominate IoT threat environment

A majority or 80% of DNSSEC-secured domains could ...

Read more

Wikipedia fights off huge DDoS attack

A majority or 80% of DNSSEC-secured domains could ...

Read more

There are 0 comments