AOH :: HP Unsorted D :: B06-1119.HTM

Dns amplification attacks



DNS Amplification Attacks
DNS Amplification Attacks



In this paper we address in detail how the recent DNS DDoS attacks work.
How they abuse name servers, EDNS, the recursive feature and UDP packet 
spoofing, as well as how the amplification effect works.

Our study is based on packet captures (we provide with samples) and logs 
from attacks on different networks reported to have a volume of 2.8Gbps. 
One of these networks indicated some attacks have reached as high as 
10Gbps and used as many as 140,000 exploited name servers.

In the conclusions we also discuss some remediation suggestions.

Given recent events, we have been encouraged to make this text available 
at this time.

URL: http://www.isotf.org/news/DNS-Amplification-Attacks.pdf 

Please note that this version of this paper is prior to submission for 
publication and that the final version may see significant revisions.

Thanks,

Randy Vaughn and Gadi Evron.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.