Fri, 7 Feb 2025
22.7 C
Durban

Tactics for DNS infrastructure defense

Home Engineering ICT Tactics for DNS infrastructure defense

FOR something so important, many businesses take a lot of the services provided by Domain Name System (DNS) for granted. But DNS availability is critical for anyone providing services or content across the internet.

That’s according to testing and measurement specialists Comtest, which cited a number of high-profile, high-impact attacks against DNS over the years.

“For example, the 2016 Mirai attacks against DNS service provider DYN impacted millions of users of services such as Netflix,” the company said in a statement.

There are several types of common DNS attacks. The Mirai attackers used a distributed denial-of-service (DDoS) attack to make DNS unavailable. Using a technique known as Water Torture, the attackers used a botnet to generate DNS queries for millions of random hosts, putting a huge load on the DNS infrastructure and rendering it unavailable for genuine user queries.

“Bad actors can also leverage DNS to attack third-party targets by using reflection or amplification attacks to generate large-scale volumetric attacks,” the company warned.

A DNS reflection/amplification attack uses a botnet to generate DNS queries using the source IP address of the intended DDoS victim.

The DNS servers innocently send their large volume of responses back to the victim, creating traffic volume as much as 10 to 100 times higher than that generated by the original botnet. Once the limits on bandwidth for the network, server, or application are reached, the circuit becomes unavailable.

Comtest recommends the following tactics to build a holistic defense strategy for defending against DNS DDoS attacks:

  • Current threat intelligence. Threat intelligence is a crucial tool for DDoS detection and mitigation. Security personnel and DNS administrators must not only be aware of the latest DNS exploits but also understand how the exploit works, and what it does to fully understand the impact on DNS infrastructure.
  • Regular audits.  Proper maintenance is critical. Organizations must include DNS infrastructure in periodic, realistic tests of the organization’s DDoS mitigation plan, as well as regularly audit and properly configure DNS servers.
  • Network visibility. Companies must be able to quickly detect abnormal DNS traffic, including both application-layer and volumetric reflection/amplification DNS vector attacks. To accomplish this, you will need visibility and fast detection at Layer-3/4 and Layer-7 of the network.
  • Orchestrated mitigation.  Companies can orchestrate multiple methods of mitigation, including their own network infrastructure, dedicated DDoS migration products, and for network operators, information sharing with other operators. By implementing such an orchestrated mitigation strategy, companies can strategically assign different methods of mitigation to different attack vectors.

Click here to find out more about NETSCOUT – bit.ly/3nCVlX7

Most Popular

First stage of large-scale dagga project underway

AN initial R100 million investment in an indoor cannabis cultivation project by Medigrow at the Coega special economic zone in Gqeberha got underway in...

January new vehicle sales spark optimism

NAAMSA | The Automotive Business Council expressed optimism that the positive momentum of the fourth quarter of 2024 continued into the first month of...

Key player left out of Industrialisation Think Tank

SEIFSA applauds the establishment of an Industrialisation Think Tank housed in the Department of Trade Industry and Competition (DTIC) but is concerned by the...

Agric minister campaigns for diversity as SA joins international treaty

MILLIONS of farmers in Africa cultivate traditional crop varieties, save seed for the following season and exchange seed with their neighbours and other farmers. Minister...