White Paper

DrDoS DNS Reflection Attacks Analysis

Source: Prolexic

The DNS Distributed Reflection Denial of Service (DrDoS) technique relies on the exploitation of the Domain Name System (DNS) Internet protocol. Malicious actors, or hackers, spoof the IP address of their primary target, forging it as the source address of their traffic, and then send application requests to a list of victim DNS servers. When each DNS server receives a forged request, it is tricked into responding to the spoofed IP address, which belongs to the hacker's primary target. The victim DNS servers thus unwittingly send a flood of unwanted responses to the primary target.

This method of DDoS attack is disruptive to both the victim DNS servers and the primary target. The scale of the attack depends on the number of victim DNS servers on the attacker's list. An attacker can build a list of DNS server IP addresses simply by scanning IP ranges and checking for responses on port 53, which is used for DNS messages. Furthermore, since the DrDoS attack uses spoofed IP requests to a legitimate DNS server, attributing the attack to the original malicious actor becomes a difficult task.

Prolexic has observed many DrDoS DNS Reflection attacks, targeting a multitude of industries. An analysis of these attacks is included in this report.
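
As an added illustration (not taken from the Prolexic paper), the following Python example shows how the flood described above looks from the primary target's side: DNS responses arriving from many servers with no matching outbound query. The packet records, field names and the `min_sources` threshold are constructed assumptions, and all addresses are documentation ranges.

```python
from collections import Counter, namedtuple

# Constructed packet summaries, as a capture at the primary target's edge
# might be reduced to. qr: 0 = DNS query, 1 = DNS response.
Pkt = namedtuple("Pkt", "direction remote local_port txid qr")

SAMPLE = [
    Pkt("out", "192.0.2.53",    40001, 0x1A2B, 0),  # our own query
    Pkt("in",  "192.0.2.53",    40001, 0x1A2B, 1),  # its legitimate answer
    Pkt("in",  "198.51.100.10", 40001, 0x1A2B, 1),  # same ID, wrong server
    Pkt("in",  "198.51.100.11", 53124, 0x0001, 1),  # never asked
    Pkt("in",  "203.0.113.7",   53124, 0x0001, 1),  # never asked
    Pkt("in",  "203.0.113.8",   53124, 0x0001, 1),  # never asked
    Pkt("in",  "192.0.2.53",    40001, 0x1A2B, 1),  # query already answered
]


def find_unsolicited(packets):
    """Return inbound DNS responses that match no outstanding outbound query.

    A response is solicited only if the same (server, local port,
    transaction ID) tuple was sent out earlier and not yet answered.
    """
    pending = Counter()
    unsolicited = []
    for p in packets:
        key = (p.remote, p.local_port, p.txid)
        if p.direction == "out" and p.qr == 0:
            pending[key] += 1
        elif p.direction == "in" and p.qr == 1:
            if pending[key] > 0:
                pending[key] -= 1      # consume the matching query
            else:
                unsolicited.append(p)  # nobody here asked for this
    return unsolicited


def reflection_suspected(packets, min_sources=3):
    """Flag a likely reflection flood: unsolicited responses arriving from
    at least min_sources distinct DNS servers (threshold is an assumption)."""
    sources = sorted({p.remote for p in find_unsolicited(packets)})
    return len(sources) >= min_sources, sources


if __name__ == "__main__":
    flagged, servers = reflection_suspected(SAMPLE)
    print("reflection suspected:", flagged)
    print("reflecting servers:", ", ".join(servers))
```

The reflecting servers listed by this check are themselves victims of the spoofed requests, so the list is useful for filtering and for notifying their operators, not for attribution.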
