Avoiding DNS amplification attacks

  1. Avoiding DNS amplification attacks
  2. Who am I?
     - @deassain
     - Security Advisor at a Big 4 company
     - security.stackexchange.com contributor
     - cloud101.eu
  3. What is DNS amplification?
     - Distributed Denial of Service attack
     - Abusing a flaw in the DNS protocol's architecture
     - Spamhaus: 300 Gbit/s
  4. Reasons
     - DNS request vs DNS response (UDP)
     - Open resolving name servers
     - No implementation of BCP38
  5. DNS Request vs Response Size
     - 30 byte request → up to 500 byte response
     - 1 Mbit on your machine → 17 Mbit at the target machine
     - Amplification
  6. Open resolvers
     - Resolves DNS queries for any host
     - Spoof UDP source to target IP address
     - Tons of DNS responses end up at the target
     - Get your machines and disable recursion from the internet! (or the crypto bear will kick your ass)
  7. BCP38: Ingress Filtering
     - Works for IPv4
     - http://tools.ietf.org/html/rfc2827
     - Upstream providers only allow traffic for IP blocks for which their clients are configured
     - Cooperation between ISPs