Thu, 11 Aug 2022
22.7 C
Durban

Tactics for DNS infrastructure defense

Home Engineering ICT Tactics for DNS infrastructure defense

FOR something so important, many businesses take a lot of the services provided by Domain Name System (DNS) for granted. But DNS availability is critical for anyone providing services or content across the internet.

That’s according to testing and measurement specialists Comtest, which cited a number of high-profile, high-impact attacks against DNS over the years.

“For example, the 2016 Mirai attacks against DNS service provider DYN impacted millions of users of services such as Netflix,” the company said in a statement.

There are several types of common DNS attacks. The Mirai attackers used a distributed denial-of-service (DDoS) attack to make DNS unavailable. Using a technique known as Water Torture, the attackers used a botnet to generate DNS queries for millions of random hosts, putting a huge load on the DNS infrastructure and rendering it unavailable for genuine user queries.

“Bad actors can also leverage DNS to attack third-party targets by using reflection or amplification attacks to generate large-scale volumetric attacks,” the company warned.

A DNS reflection/amplification attack uses a botnet to generate DNS queries using the source IP address of the intended DDoS victim.

The DNS servers innocently send their large volume of responses back to the victim, creating traffic volume as much as 10 to 100 times higher than that generated by the original botnet. Once the limits on bandwidth for the network, server, or application are reached, the circuit becomes unavailable.

Comtest recommends the following tactics to build a holistic defense strategy for defending against DNS DDoS attacks:

  • Current threat intelligence. Threat intelligence is a crucial tool for DDoS detection and mitigation. Security personnel and DNS administrators must not only be aware of the latest DNS exploits but also understand how the exploit works, and what it does to fully understand the impact on DNS infrastructure.
  • Regular audits.  Proper maintenance is critical. Organizations must include DNS infrastructure in periodic, realistic tests of the organization’s DDoS mitigation plan, as well as regularly audit and properly configure DNS servers.
  • Network visibility. Companies must be able to quickly detect abnormal DNS traffic, including both application-layer and volumetric reflection/amplification DNS vector attacks. To accomplish this, you will need visibility and fast detection at Layer-3/4 and Layer-7 of the network.
  • Orchestrated mitigation.  Companies can orchestrate multiple methods of mitigation, including their own network infrastructure, dedicated DDoS migration products, and for network operators, information sharing with other operators. By implementing such an orchestrated mitigation strategy, companies can strategically assign different methods of mitigation to different attack vectors.

Click here to find out more about NETSCOUT – bit.ly/3nCVlX7

Most Popular

New R235-million wax flooding facility begins operating at VWSA plant in Kariega

THROUGHOUT two and a half years of a worldwide pandemic and varying levels of lockdowns and travel restrictions, a project team across four countries...

Key considerations: AgriTech for your agriculture business

By Estelle Lubbe – Co-Founder and CXO of The Awareness Company TECHNOLOGY continues to transform industries globally as the trend towards digitising operations to enhance...

TNPA – Request for information for potential renewable energy project

TRANSNET National Ports Authority (TNPA) has announced a Request for Information (RFI), calling on private sector participants to submit project proposals for the introduction...

New property management company opens in the Eastern Cape

A new property management service has opened its doors in Gqeberha, offering much needed hands-on services to the commercial, retail, industrial and residential property...