Reflected DNS Attack on UltraDNS

Hackers flood DNS services affecting thousands of companies just to get at one

May 19, 2006 - UltraDNS, the authorative DNS provider for all .org and .uk websites, was the target of a massive Distributed Denial of Service (DDoS) attack. The company was targeted by the DDoS attack because it provided Domain Name System services to Prolexic. At that time, Prolexic was trying to stop an attack on the Blue Security company and crackers (criminal hackers) managed to disrupt Prolexic service by targeting its main DNS provider. DNS is the service that translates human-readable domain names into numeric Internet addresses.

UltraDNS also markets DNS Shield to protect against certain Internet attacks, but it did not help in this instance. The attack is known as a DNS Amplification Attack or a "reflected DNS attack". Crackers use poorly configured DNS servers to send a huge number of spoofed DNS requests to the targeted system. The system sees the incoming requests as coming from legitimate trusted servers and can not distinguish the compromising requests from the real ones. This attack resulted in a flood of the DNS requests to UltraDNS with traffic as high as 4-5 gigabits per second.

The attack on UltraDNS disrupted service for about 80% of its clients. More than 2000 companies were made unavailable for the duration of the attack, including Prolexic.

Source: Tech-Knowledger

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

DNS Security News Index