Tuesday, 16 April 2024

Tactics for DNS infrastructure defense


FOR something so important, many businesses take a lot of the services provided by the Domain Name System (DNS) for granted. But DNS availability is critical for anyone providing services or content across the internet.

That’s according to testing and measurement specialists Comtest, which cited a number of high-profile, high-impact attacks against DNS over the years.

“For example, the 2016 Mirai attacks against DNS service provider DYN impacted millions of users of services such as Netflix,” the company said in a statement.

There are several types of common DNS attacks. The Mirai attackers used a distributed denial-of-service (DDoS) attack to make DNS unavailable. Using a technique known as Water Torture, the attackers used a botnet to generate DNS queries for millions of random hosts, putting a huge load on the DNS infrastructure and rendering it unavailable for genuine user queries.

“Bad actors can also leverage DNS to attack third-party targets by using reflection or amplification attacks to generate large-scale volumetric attacks,” the company warned.

A DNS reflection/amplification attack uses a botnet to generate DNS queries using the source IP address of the intended DDoS victim.

The DNS servers innocently send their large volume of responses back to the victim, creating traffic volume as much as 10 to 100 times higher than that generated by the original botnet. Once the limits on bandwidth for the network, server, or application are reached, the circuit becomes unavailable.

Comtest recommends the following tactics to build a holistic strategy for defending against DNS DDoS attacks:

  • Current threat intelligence. Threat intelligence is a crucial tool for DDoS detection and mitigation. Security personnel and DNS administrators must not only be aware of the latest DNS exploits but also understand how each exploit works and what it does, so that they fully understand the impact on DNS infrastructure.
  • Regular audits. Proper maintenance is critical. Organizations must include DNS infrastructure in periodic, realistic tests of the organization’s DDoS mitigation plan, as well as regularly audit and properly configure DNS servers.
  • Network visibility. Companies must be able to quickly detect abnormal DNS traffic, including both application-layer and volumetric reflection/amplification DNS vector attacks. To accomplish this, you will need visibility and fast detection at Layer-3/4 and Layer-7 of the network.
  • Orchestrated mitigation. Companies can orchestrate multiple methods of mitigation, including their own network infrastructure, dedicated DDoS mitigation products, and, for network operators, information sharing with other operators. By implementing such an orchestrated mitigation strategy, companies can strategically assign different methods of mitigation to different attack vectors.
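
The Layer-7 visibility described above can be made concrete for the Water Torture pattern, where one zone suddenly receives queries for many random hosts that do not exist. The following is an added example, not code from the article or from Comtest: it scans resolver query logs and flags zones whose traffic is dominated by one-off names answered with NXDOMAIN. The log layout (`timestamp client qname rcode`), the thresholds and the sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

def zone_of(qname, labels=2):
    # Assumption: the zone is the last two labels; real deployments would
    # consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def water_torture_suspects(lines, min_queries=20, min_unique=0.9, min_nx=0.8):
    """Return zones whose queries are mostly unique names that do not exist."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "names": set(), "clients": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their layout
        _ts, client, qname, rcode = fields
        s = stats[zone_of(qname)]
        s["total"] += 1
        s["nx"] += rcode == "NXDOMAIN"
        s["names"].add(qname.rstrip(".").lower())
        s["clients"].add(client)
    suspects = {}
    for zone, s in stats.items():
        if s["total"] < min_queries:
            continue  # too few samples to judge
        unique_ratio = len(s["names"]) / s["total"]
        nx_ratio = s["nx"] / s["total"]
        if unique_ratio >= min_unique and nx_ratio >= min_nx:
            suspects[zone] = {"queries": s["total"], "unique_ratio": unique_ratio,
                              "nx_ratio": nx_ratio, "clients": len(s["clients"])}
    return suspects

def sample_log():
    """Constructed log: 40 one-off names under flooded.example, 40 normal lookups."""
    lines = []
    for i in range(40):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:12]
        lines.append(f"2024-04-16T10:00:{i:02d} 198.51.100.{i % 25 + 1} "
                     f"{label}.flooded.example NXDOMAIN")
        host = ("www", "mail", "api")[i % 3]
        lines.append(f"2024-04-16T10:00:{i:02d} 192.0.2.{i % 5 + 1} "
                     f"{host}.shop.example NOERROR")
    return lines

if __name__ == "__main__":
    for zone, detail in water_torture_suspects(sample_log()).items():
        print(zone, detail)
```

The client count in the result helps separate a botnet-driven flood, spread across many sources, from a single misconfigured host.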
