Weak Routers Bring DNS DDoS Attacks

Monday, April 7, 2014 @ 05:04 PM gHale

Over 24 million home routers that have open DNS proxies, which means Internet service providers (ISPs) are vulnerable to DNS amplification distributed denial-of-service (DDoS) attacks, researchers said.

Over 5.3 million of these vulnerable routers ended up used to generate attack traffic in February 2014, said researchers at Nominum, a telecom analytics, security and DNS network services firm. In one attack that took place in January, over 70 percent of a provider’s DNS traffic ended up associated with DNS amplification.

DDoS Attacks on Rise, Stronger
DDoS Attacks: ‘A Common Pain Point’
Hike in NTP Amplification DDoS Attacks
Vast DDoS Attack Hits DNS Platform

“Existing in-place DDoS defenses do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort,” said Sanjay Kapoor, CMO and senior vice president of strategy at Nominum.

“Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies,” Kapoor said.

“ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic.”

DNS amplification attacks are still the most popular among cybercriminals. One of the reasons is because they’re easy to launch. In the case of home routers, they are suffer attacks because they make it difficult for the ISP to determine the target.

ISPs whose networks end up abused for DNS amplification attacks have their bandwidth saturated due to the malicious traffic. In addition, intermittent service disruptions caused by the cybercriminal operations can lead to a spike in support calls, which can have a negative financial impact on the company.

The intensity of DDoS attacks continues to increase. Over the past months, in addition to DNS amplification attacks, researchers spotted some significant operations relying on vulnerable Network Time Protocol (NTP) servers.

Leave a Reply

You must be logged in to post a comment.