Jump to content

Recommended Posts

.

24 million routers expose ISPs to DNS-based DDoS attack
 
Posted on 02 April 2014
 

DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide. A simple attack can create 10s of Gbps of traffic to disrupt provider networks, enterprises, websites, and individuals anywhere in the world.


dns-ddos-nominum.jpg

 

Nominum’s latest research reveals:

  • More than 24 million home routers on the Internet have open DNS proxies which expose ISPs to DNS-based DDoS attacks
  • In February 2014, more than 5.3 million of these routers were used to generate attack traffic
  • During an attack in January 2014, more than 70% of total DNS traffic on a provider’s network was associated with DNS amplification
  • DNS is by far the most popular protocol for launching amplification attacks, with more available amplifiers than the next four protocols combined.
DNS amplification attacks require little skill or effort and cause major damage; this is the reason why they are increasingly popular. Because vulnerable home routers mask the target of an attack it is difficult for ISPs to determine the ultimate destination and recipient of huge waves of amplified traffic.

Traffic from amplification amounts to trillions of bytes a day disrupting ISP networks, websites and individuals. The impact on ISPs is fourfold:
  • Network impact generated by malicious traffic saturating available bandwidth
  • Cost impact generated by a spike in support calls caused by intermittent service disruption
  • Revenue impact as poor internet experience leads to increased churn or retention expenses
  • Reputation impact as unwanted traffic is directed toward peers.

 

"Existing in-place DDoS defenses do not work against today’s amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort," explained Sanjay Kapoor, SVP of Strategy, Nominum. "Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies."

 

SOURCE: http://www.net-security.org/secworld.php?id=16617

 

/Steve

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.