
DNS Request Amplification (Server Spoofed Request Amplification)

DDoS attacks are encountered very frequently and are generally aimed at disrupting the service of an institution, organization or user. They can be carried out using many computers or a single computer.

What is DNS Request Amplification?

DNS servers, by their nature, respond to all requests. The attacker takes advantage of this weakness and keeps the servers busy by sending a large number of very large packets. Over time this leaves the service unable to respond. This is how a DNS Request Amplification attack is performed.

How Are DNS Request Amplification Attacks Performed?

DNS Request Amplification is a reflection attack. The attacker manipulates every DNS server they can reach by sending it requests whose source address is spoofed as the target's, so that large UDP packets, in large numbers, are sent to the target server. Depending on the density and number of packets sent, the victim system is overloaded and stops functioning normally.

Precautions That Can Be Taken Against DNS Request Amplification Attacks

To protect against DNS Request Amplification DDoS attacks, IP configurations must be made correctly. Other precautions that can be taken are as follows:

  • If the server does not need to be accessed from the internet, access should be restricted by IP address so that only your customers or employees can reach it.
  • Recursive DNS queries should not be answered on systems open to the Internet. To ensure security, the system must respond to queries only for domain names for which it is authoritative.
  • Attacks can be avoided by contacting internet service providers and changing IP addresses. (Internet service providers that comply with the rules defined in BCP 38 are successful in preventing these attacks.)
  • With the increased use of IPv6, the need for NAT will decrease and the impact of such attacks can be reduced as the source IP can be changed.
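
One way to verify the recursion precaution on a server you operate, as an added example that is not part of the original article: it builds a recursive query for a name outside the server's authority and classifies the reply by its header flags, also reporting the response-to-query size ratio. The function names and the sample packets are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)
REFUSED = 5                                       # RCODE 5

def build_query(name, qid=0x1234, qtype=1):
    """Recursive (RD=1) query for `name`; qtype 1 = A record, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def audit(query, response):
    """Classify the reply to a recursive query for a name the server is NOT
    authoritative for. Returns (verdict, response/query size ratio)."""
    if len(response) < 12:
        return ("invalid", 0.0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return ("invalid", 0.0)
    ratio = round(len(response) / len(query), 2)
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return ("refused", ratio)          # desired behaviour on an Internet-facing server
    if flags & RA and not flags & AA and (ancount > 0 or rcode == 3):
        return ("open-recursion", ratio)   # it resolved the name for an arbitrary client
    return ("no-recursion", ratio)         # referral or empty answer, nothing resolved

def a_record(last_octet):
    """Constructed A record: name pointer to the question, TTL 300, 192.0.2.x."""
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, last_octet])

def make_reply(query, flags, answers=b"", ancount=0):
    """Constructed reply: echo the question, set the header, append answers."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + query[12:] + answers

# Constructed sample traffic (not captured from a real server).
QUERY = build_query("example.com")
OPEN_REPLY = make_reply(QUERY, QR | RD | RA, b"".join(a_record(i) for i in range(1, 11)), 10)
REFUSED_REPLY = make_reply(QUERY, QR | RD | REFUSED)

if __name__ == "__main__":
    print(audit(QUERY, OPEN_REPLY))
    print(audit(QUERY, REFUSED_REPLY))
```

A server that is configured as the list above describes should return the "refused" or "no-recursion" verdict when queried from an address outside the permitted range.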

 
