Zoominvest Learns About DDOS the Hard Way

Recursive DNS Servers Can Be Used to Attack Other DNS Servers

On 22 March, 2006, Zoominvest suffered from a new kind of DDoS attack that kept the site offline for days. The website was brought down by unknown attackers. At that time, little was known about this new threat, so defending against it was very expensive.

In older DDoS attacks, a network of virus-infected computers would send huge amounts of requests directly to a DNS or website server causing it to be flooded or overloaded. The new DDoS attack uses these same botnets to send bogus queries to other, third-party DNS servers. These servers (with recursive features enabled) are deceived by the requests and think the requests are coming from the victim's server. Thousands of contacted servers reply to the victim's server all at the same time. Because a DNS reply is bigger than a request, the amount of data being sent to the targeted server is huge.

Over 1,500 IPs were attacked by this kind of DDoS in only two months. These new recursive DDoS attacks are significantly larger than anything seen before. To avoid being party to such an attack, hosting administrators can turn the recursive feature off in their servers.

Source: Passive Revenue

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

DNS Security News Index