August 2, 2006 - A huge surge in DNS amplification attacks has been observed on the Internet. Unlike regular DDoS attacks or the earlier Smurf attacks, DNS amplification does not attack directly from the botnet, but rather from other DNS servers.
Hackers adopted this new strategy because they found it easy to exploit the recursive DNS look-up feature enabled on about 75% of the Internet's 7.5 million DNS servers. In a DNS amplification attack, the victim website or DNS server is flooded with a massive volume of data requests (several gigabits per second). Hackers send a request of 60 bytes to the recursive DNS server to retrieve a file of 4,000 bytes, achieving an amplification factor of 66. Third-party DNS servers are used both to amplify the attack and to conceal the actual attack source.
DNS servers play a vital role on the Internet by translating site names into computer-understandable IP addresses. When a zombie PC is used as an assailant, the attack can be mitigated by blocking the source traffic, but when poorly configured DNS servers that have been compromised are used, the servers cannot be blocked without disrupting service to many Internet users.
To avoid having a DNS server used for such an attack, it is advised that DNS administrators disable the recursive look-up feature, except where it applies to servers within the organization's own network.
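One way to confirm that the restriction recommended above has taken effect, as an added example that is not from the original article or from Secure64: the Python below builds a recursive query and classifies the reply a server returns to a client outside the organization's network. The function names and the sample bytes are constructed for illustration, sized to the article's 60-byte and 4,000-byte figures.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # header bits: response / recursion desired / recursion available
REFUSED = 5                           # RCODE a server sends when it declines to answer

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal query for `name` (class IN) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def assess(query, reply):
    """Judge the reply a server gave to a recursive query from OUTSIDE its own network."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    # Open recursion: the server advertises RA and actually returned answers.
    open_recursion = bool(flags & RA) and rcode != REFUSED and ancount > 0
    return {"open_recursion": open_recursion, "rcode": rcode,
            "amplification": len(reply) / len(query)}

def _constructed_reply(query, flags, ancount, size):
    """Constructed sample: real header and question, zero padding in place of records."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    return (header + query[12:]).ljust(size, b"\x00")

# Constructed inputs sized like the article's figures (60-byte query, 4,000-byte reply).
SAMPLE_QUERY = build_query("x" * 30 + ".example.com", qtype=16)
OPEN_REPLY = _constructed_reply(SAMPLE_QUERY, QR | RD | RA, 1, 4000)
CLOSED_REPLY = _constructed_reply(SAMPLE_QUERY, QR | RD | REFUSED, 0, len(SAMPLE_QUERY))

if __name__ == "__main__":
    for label, reply in (("open", OPEN_REPLY), ("restricted", CLOSED_REPLY)):
        print(label, assess(SAMPLE_QUERY, reply))
```

A server restricted as advised should produce the second result for outside clients: no recursion offered, a refusal code, and a reply no larger than the query.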
Source: SearchSecurity
About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.