VeriSign Reports on DDoS Amplification Assault

DNS DDoS amplification attacks on the rise

March 17, 2006 - VeriSign recently released information showing an increase in a new type of Distributed Denial of Service (DDoS) attack that could pose a high security risk to the Domain Name Service (DNS) servers of companies all over the world. This new type of DDoS attack is called an amplifier attack, and it takes advantage of poorly configured DNS servers and of companies that lack sufficient DNS security.

In a typical DDoS attack, the attackers use a botnet to directly attack a DNS server and flood it with huge amounts of data. In an amplified DDoS attack, cyber criminals use a botnet to send spoofed requests to DNS servers. Because of a default process (known as recursion), the DNS servers accept the queries and reply to the "sender". However, the listed sender's IP has been spoofed and replaced with the IP of the targeted server. Because a DNS response is larger than the request that triggered it, the attack traffic is amplified.
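The size difference described above can be measured from a single query/response pair, which is how an operator can audit what their own DNS server returns to clients outside its network. The following Python is an added example, not code from VeriSign or the original article. The function names, the TXT record type and the 200-byte record are assumptions, and both messages are constructed samples, not captured traffic.

```python
import struct

def encode_name(name):
    """Encode a domain name as DNS labels (length-prefixed, zero-terminated)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_query(name, qtype, txid):
    """Build a DNS query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the fields of the fixed 12-byte DNS header used below."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an}

def assess(query, response):
    """Report whether the server recursed for this client, and the size ratio."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("response does not match query")
    # Recursion was served if RA is set and a NOERROR answer came back.
    recursed = r["ra"] and r["rcode"] == 0 and r["ancount"] > 0
    # DNS payload bytes only; IP/UDP headers are not counted.
    return {"recursion_served": recursed,
            "amplification": round(len(response) / len(query), 2)}

# Constructed sample messages (assumed values, not captured traffic).
QUERY = make_query("example.com", 16, 0x1A2B)        # type 16 = TXT
QUESTION = QUERY[12:]
TXT = bytes([200]) + b"x" * 200                      # one 200-byte TXT string
# Answer record: name pointer to offset 12, TYPE, CLASS, TTL, RDLENGTH, RDATA.
ANSWER = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 300, len(TXT)) + TXT
# Open recursive server: QR, RD, RA set, NOERROR, one answer.
OPEN_REPLY = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
# Restricted server: RA clear, RCODE 5 (REFUSED), no answer section.
REFUSED_REPLY = struct.pack("!6H", 0x1A2B, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print("open      :", assess(QUERY, OPEN_REPLY))
    print("restricted:", assess(QUERY, REFUSED_REPLY))
```

In these samples the server that refuses recursion for the client replies with a message no larger than the query, so it contributes no amplification.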

The amplified DDoS attack offers huge potential for hackers. By using as few as 200 PCs (bots) with basic DSL lines, a DDoS attacker can generate up to 8Gbps of bogus server requests. More alarming is that some Russian hacking crews offer botnets of 1000 PCs at a price of just $25 (US). The bots can be armed with any kind of malware and can attack virtually any target on the Internet.

VeriSign reported that more than 1,500 organizations were attacked in January and February. The company estimates that more than 50,000 recursive DNS servers were used in these attacks.

Source: Computerworld

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

 
