SlideShare a Scribd company logo

Avoiding dns amplification attacks

Download as PPT, PDF
Lucas Kauffman
Lucas Kauffman
Technology
1 of 7
Avoiding DNS amplification attacks
Who am I?  @deassain  Security Advisor at a Big 4 company  security.stackexchange.com contributor  cloud101.eu
What is DNS amplification?  Distributed Denial of Service Attack  Abusing flaw in the DNS protocol's architecture  Spamhaus 300 Gbit/s
Reasons  DNS request vs DNS response (UDP)  Open resolving name servers  No implementation of BCP38
DNS Request vs Response Size  30 byte request → up to 500 byte response  1 Mbit on your machine → 17 Mbit at the target machine  Amplification
Open resolvers  Resolves DNS queries for any host  Spoof UDP source to target IP address  Tons of DNS responses end up at the target  Get your machines and disable recursion from the internet! (or the crypto bear will kick your ass )
BCP38: Ingres Filtering  Works for IPv4  http://tools.ietf.org/html/rfc2827  Upstream providers only allow traffic for IP blocks for which their clients are configured  Cooperation between ISPs

Recommended

Lab report
Lab reportLab report
Lab report
Md Selim Hossain
 
[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...
CODE BLUE
 
Docker: please contain your excitement
Docker: please contain your excitementDocker: please contain your excitement
Docker: please contain your excitement
johnnnl
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Detecting dns-tunneling-34152
Detecting dns-tunneling-34152Detecting dns-tunneling-34152
Detecting dns-tunneling-34152
huynhvanphuc
 
Basics of IPv6
Basics of IPv6Basics of IPv6
Basics of IPv6
webhostingguy
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slides
Men and Mice
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
APNIC
 

Recommended

Lab report
Lab reportLab report
Lab report
Md Selim Hossain
 
[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...[CB19] New threats are already around you, the IPV6 attack must be understood...
[CB19] New threats are already around you, the IPV6 attack must be understood...
CODE BLUE
 
Docker: please contain your excitement
Docker: please contain your excitementDocker: please contain your excitement
Docker: please contain your excitement
johnnnl
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Detecting dns-tunneling-34152
Detecting dns-tunneling-34152Detecting dns-tunneling-34152
Detecting dns-tunneling-34152
huynhvanphuc
 
Basics of IPv6
Basics of IPv6Basics of IPv6
Basics of IPv6
webhostingguy
 
Dns reflection attacks webinar slides
Dns reflection attacks webinar slidesDns reflection attacks webinar slides
Dns reflection attacks webinar slides
Men and Mice
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
APNIC
 
Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc.
Osaka University
 
Dns Amplification Zafiyeti
Dns Amplification ZafiyetiDns Amplification Zafiyeti
Dns Amplification Zafiyeti
Mehmet VAROL
 
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and CaretoThe Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
Mike Chapple
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
ThousandEyes
 
Finding Evil In DNS Traffic
Finding Evil In DNS TrafficFinding Evil In DNS Traffic
Finding Evil In DNS Traffic
real_slacker007
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016
DefensiveDepth
 
MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?
Memoori
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
Srikrupa Srivatsan
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The Internet
Carl J. Levine
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
Rahul Neel Mani
 
DNS Security
DNS SecurityDNS Security
DNS Security
inbroker
 
Dns security overview
Dns security overviewDns security overview
Dns security overview
Vladimir2003
 
Security of DNS
Security of DNSSecurity of DNS
Security of DNS
Philippe Camacho, Ph.D.
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
 
CNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS SecurityCNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS Security
Sam Bowne
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
Amazon Web Services
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan
 
From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.
Taras Matyashovsky
 
Spamhaus DDoS - FR
Spamhaus DDoS - FRSpamhaus DDoS - FR
Spamhaus DDoS - FR
Matthieu Tourne
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
Christopher Frenz
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
 
Dns security
Dns securityDns security
Dns security
Dhaval Kapil
 

More Related Content

Viewers also liked

Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc.
Osaka University
 

Viewers also liked (20)

Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc. Introduction of Mirai Translate, Inc.
Introduction of Mirai Translate, Inc.
 
Dns Amplification Zafiyeti
Dns Amplification ZafiyetiDns Amplification Zafiyeti
Dns Amplification Zafiyeti
 
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and CaretoThe Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
 
Finding Evil In DNS Traffic
Finding Evil In DNS TrafficFinding Evil In DNS Traffic
Finding Evil In DNS Traffic
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016
 
MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?
 
Advanced DNS Protection
Advanced DNS ProtectionAdvanced DNS Protection
Advanced DNS Protection
 
How IoT Is Breaking The Internet
How IoT Is Breaking The InternetHow IoT Is Breaking The Internet
How IoT Is Breaking The Internet
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Dns security overview
Dns security overviewDns security overview
Dns security overview
 
Security of DNS
Security of DNSSecurity of DNS
Security of DNS
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
 
CNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS SecurityCNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS Security
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
 
From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.
 
Spamhaus DDoS - FR
Spamhaus DDoS - FRSpamhaus DDoS - FR
Spamhaus DDoS - FR
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 

Similar to Avoiding dns amplification attacks

Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
Michael Earls
 
DMMS presentation25
DMMS presentation25DMMS presentation25
DMMS presentation25
Yuri Alimov
 

Similar to Avoiding dns amplification attacks (20)

Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
Dns security
Dns securityDns security
Dns security
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns
 
Dns server converted
Dns server convertedDns server converted
Dns server converted
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Common Network Services
Common Network ServicesCommon Network Services
Common Network Services
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name System
 
DMMS presentation25
DMMS presentation25DMMS presentation25
DMMS presentation25
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Networking 101
Networking 101Networking 101
Networking 101
 
Networking 101
Networking 101Networking 101
Networking 101
 
Networking 101
Networking 101Networking 101
Networking 101
 
Networking 101
Networking 101Networking 101
Networking 101
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache ServersNANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
 
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
 
Dns
DnsDns
Dns
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
Chapter06
Chapter06Chapter06
Chapter06
 
Dns
DnsDns
Dns
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Avoiding dns amplification attacks

  • 2. Who am I?  @deassain  Security Advisor at a Big 4 company  security.stackexchange.com contributor  cloud101.eu
  • 3. What is DNS amplification?  Distributed Denial of Service Attack  Abusing flaw in the DNS protocol's architecture  Spamhaus 300 Gbit/s
  • 4. Reasons  DNS request vs DNS response (UDP)  Open resolving name servers  No implementation of BCP38
  • 5. DNS Request vs Response Size  30 byte request → up to 500 byte response  1 Mbit on your machine → 17 Mbit at the target machine  Amplification
  • 6. Open resolvers  Resolves DNS queries for any host  Spoof UDP source to target IP address  Tons of DNS responses end up at the target  Get your machines and disable recursion from the internet! (or the crypto bear will kick your ass )
  • 7. BCP38: Ingres Filtering  Works for IPv4  http://tools.ietf.org/html/rfc2827  Upstream providers only allow traffic for IP blocks for which their clients are configured  Cooperation between ISPs