DNS Reflector and Amplification Attacks

With this newest attack form, DNS reflector and amplification attacks, cybercriminals can cripple servers on the Internet far more easily than before, because these DNS DDOS attacks reflect back more data than is sent, up to 73 times more.

“DNS is now a major vector for DDOS,” Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. “The bar has been lowered. People with fewer resources can now launch potentially crippling attacks.”

Just as in any DDOS attack, the target system, which could be a victim’s Web server, name server or mail server, is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by saturating its data connection or by crashing the system as it tries to handle the incoming data.

A single DNS query could trigger a response that is as much as 73 times larger than the request, according to a recent paper by Randal Vaughn, a professor of information systems at Baylor University, and Gadi Evron, the manager of the Computer Emergency Response Team at Israel’s ministry of finance.

“Relatively small DNS requests can be employed to cause significantly larger replies from a name server to the spoofed IP address,” Vaughn and Evron wrote. Source: News.com
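The mechanism described above (small spoofed request, large reply sent to the forged source address) leaves a measurable trace in a name server's own logs: the ratio of response bytes to request bytes, per source address. The following is an added example, not code from the article or from Vaughn and Evron's paper, that parses a constructed, hypothetical log format and flags source addresses whose queries are being answered with disproportionately large replies. Because the source address on such queries is spoofed, a flagged address identifies the likely victim of the reflection rather than the party sending the queries; the defender's response is to rate-limit or filter responses toward that address, not to treat it as the attacker.

```python
"""Added example: spot amplification traffic in a name server's query log.

Hypothetical log format (constructed for this example, not any real
server's format):
    <date> <time> src=<ip> qtype=<type> qname=<name> qlen=<bytes> rlen=<bytes>
"""
import re
from collections import defaultdict
from dataclasses import dataclass

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) src=(?P<src>\S+) qtype=(?P<qtype>\w+) "
    r"qname=(?P<qname>\S+) qlen=(?P<qlen>\d+) rlen=(?P<rlen>\d+)$"
)


@dataclass
class QueryRecord:
    src: str
    qtype: str
    qname: str
    qlen: int
    rlen: int

    @property
    def amplification(self) -> float:
        """Bytes returned per byte received for this one query."""
        return self.rlen / self.qlen if self.qlen else 0.0


def parse_line(line: str):
    """Return a QueryRecord for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return QueryRecord(m["src"], m["qtype"], m["qname"],
                       int(m["qlen"]), int(m["rlen"]))


def group_by_source(lines):
    """Group parsed records by the (possibly spoofed) source address."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_src[rec.src].append(rec)
    return per_src


def suspicious_sources(lines, min_ratio: float = 20.0, min_queries: int = 3):
    """Flag sources whose aggregate reply/request ratio is abnormally high.

    Both thresholds are illustrative; a real deployment tunes them against
    the server's normal traffic. A legitimate resolver rarely sustains
    ratios anywhere near the 73x figure cited in the article.
    """
    flagged = {}
    for src, recs in group_by_source(lines).items():
        total_q = sum(r.qlen for r in recs)
        total_r = sum(r.rlen for r in recs)
        ratio = total_r / total_q if total_q else 0.0
        if len(recs) >= min_queries and ratio >= min_ratio:
            flagged[src] = {
                "queries": len(recs),
                "ratio": round(ratio, 1),
                "bytes_out": total_r,
                "qtypes": sorted({r.qtype for r in recs}),
            }
    return flagged


# Constructed sample log: one ordinary client and one address receiving
# a stream of large replies to small queries it never sent.
SAMPLE_LOG = [
    "2006-03-20 10:01:02 src=192.0.2.10 qtype=A qname=www.example.com qlen=40 rlen=120",
    "2006-03-20 10:01:03 src=192.0.2.10 qtype=A qname=mail.example.com qlen=41 rlen=118",
    "2006-03-20 10:01:03 src=198.51.100.7 qtype=ANY qname=example.org qlen=60 rlen=4380",
    "2006-03-20 10:01:03 src=198.51.100.7 qtype=ANY qname=example.org qlen=60 rlen=4380",
    "2006-03-20 10:01:04 src=198.51.100.7 qtype=ANY qname=example.org qlen=60 rlen=4380",
    "2006-03-20 10:01:04 src=198.51.100.7 qtype=ANY qname=example.org qlen=60 rlen=4380",
    "2006-03-20 10:01:05 src=198.51.100.7 qtype=ANY qname=example.org qlen=60 rlen=4380",
    "this line is deliberately malformed and is skipped by the parser",
]

if __name__ == "__main__":
    for src, info in suspicious_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['queries']} queries, {info['ratio']}x amplification, "
              f"{info['bytes_out']} bytes sent toward it (likely reflection victim)")
```

Aggregating per source rather than per query matters: a single large reply is normal, while many large replies to one address in a short window is the signature of reflection. Once the pattern is confirmed, the practical mitigations are response rate limiting on the name server and refusing recursion to clients outside the networks the server is meant to serve.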

This attack is much harder to detect and does much more damage. But there will probably always be somebody looking to do damage like this, and there will always be some new way to do it. Business as usual on the net frontier.