Is your DNS server ready for a DNS flood attack of 100MBPS or 90 million requests a second?

Why use an amplification trick, which shows malicious intent, when you can just send DNS requests and get the machine down anyway?

"DNS flood attacks are symmetrical DDoS attacks that work by sending thousands of rapid valid DNS requests to the targeted server, thereby giving the server more traffic than it can handle, resulting in slower and slower response times for legitimate requests.

DNS servers provide the roadmap to the Internet, and help clients find the servers they are looking for, but a DNS flood attempts to exhaust server-side assets (e.g., memory or CPU) with the large number of UDP requests generated by the malicious scripts running on several compromised botnet machines. The packets sent per second are even larger in this case compared to a DNS amplification attack.
Currently researchers at the DDoS protection service are mitigating this attack with just one of their servers, that can process up to 170Gbps/100Mpps worth of traffic at an inline rate."
this is an interesting question for an exercise
and it all comes back again to simple stupid hardware
if you ain't got the hardware you ain't got shit
you can't go to the war without tanks, airplanes and soldiers
and the more you have of them, the easier it will be to win the war
so cold standby contracts will become even more important as they can be activated anytime to add more bandwidth or transfer dns services to more available servers
most networks have very simple dns servers and no extension plan
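
An added example, not from this post or the quoted article: a per-second monitor that separates one noisy client from a flood of valid queries spread over many sources, and reports the second at which a standby contract would be activated. The log format, thresholds and capacity figure are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

def make_sample():
    """Constructed log, one query per line: 'epoch_second source_ip qname'."""
    lines = []
    for sec in range(0, 3):            # normal load: 3 queries/s from two resolvers
        for i in range(3):
            lines.append(f"{sec} 192.0.2.{1 + i % 2} www.example.com")
    lines += ["3 192.0.2.9 www.example.com"] * 12   # one client bursts 12 queries
    for sec in range(4, 7):            # flood: 12 valid queries/s over 12 sources
        for i in range(12):
            lines.append(f"{sec} 198.51.100.{i} www.example.com")
    return lines

def classify(lines, capacity_qps, high_water=0.8, top_share=0.5, sustain=2):
    """Label each second and return (labels, second to activate standby or None).

    capacity_qps is the measured limit of the server (assumed known);
    high_water, top_share and sustain are illustrative thresholds.
    """
    per_sec = defaultdict(Counter)
    for line in lines:
        sec, src, _qname = line.split()
        per_sec[int(sec)][src] += 1

    labels, streak, activate_at, prev = {}, 0, None, None
    for sec in sorted(per_sec):
        if prev is not None and sec != prev + 1:
            streak = 0                 # a silent second breaks the run
        prev = sec
        sources = per_sec[sec]
        total = sum(sources.values())
        if total < high_water * capacity_qps:
            labels[sec], streak = "ok", 0
        elif max(sources.values()) / total >= top_share:
            # one source dominates: rate-limit that client, capacity is not the issue
            labels[sec], streak = "single-source", 0
        else:
            # many sources, each sending little: only more capacity helps
            labels[sec] = "distributed-flood"
            streak += 1
            if streak >= sustain and activate_at is None:
                activate_at = sec
    return labels, activate_at

if __name__ == "__main__":
    print(classify(make_sample(), capacity_qps=10))
```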
