A DNS amplification attack is a Distributed Denial of Service (DDoS) attack.
What makes DNS servers a popular choice for amplification attacks is that their Internet infrastructures are designed to field millions of requests a minute and are connected to high-bandwidth links to deal with this volume of traffic. So, the perpetrator takes advantage of the DNS server’s behaviour to amplify the attack and turns initially small queries into larger payloads that help to bring down the servers.
DNS servers are responsible for resolving domain names into IP addresses. DNS amplification attacks send out DNS queries with the victim's forged IP address to an open DNS resolver, prompting it to reply to that address with a DNS response. With numerous fake queries being sent out, the network can quickly become overwhelmed by the sheer volume of DNS responses. This flood of bogus traffic will then slow down the network or produce non-existent connections.
A DNS amplification attack is a nightmare for companies because it’s difficult to deal with and all users rely on DNS servers to access the Internet. Its impact is negatively felt as it disrupts workflow. This type of attack seems to have increased and Nexus Guard’s second-quarter Threat Report for 2019 confirms it. There has been a 1 000% spike in amplification attacks compared with the same period in 2018. Nexus Guard evaluates thousands of attacks worldwide each year, so the company has a clear understanding of what’s happening.
How are attackers gaining access?
The best answer for this is poor management hygiene. This means that some servers fulfil a specific purpose, but have no access controls in place, have been forgotten, left unmanaged or been unintentionally exposed to the Internet. To guard against this, you must ensure that your attack mitigation technology is advanced enough to ensure server availability to legitimate end users.
Effective DDoS protection
DDoS mitigation protects a targeted server or network from a DDoS attack by using specially designed network equipment or a cloud-based protection service to mitigate against the incoming threat. Equip yourself with the right defences to deal with amplification attacks if they happen.
Our DDoS Protection and Mitigation solution will protect your organisation from the consequences of even the most advanced, robust attacks. It detects when you’ve been compromised and notifies you so you can act to counter it immediately. This is a fully managed service so you don’t have to invest in, and maintain, hardware and software that’s required to monitor and manage potential threats.
Still on the fence about whether to keep your cybersecurity in-house or outsource it? Then read our cybersecurity fact sheet.