Anatomy of a DDoS attack against the DNS infrastructure

The Domain Name System (DNS) is part of the functional infrastructure of the Internet and part of the Internet’s “trust” framework. Without these nameservers, the huge investments in hardware, software and applications that organizations make cannot be found and accessed by customers. Unfortunately, because the DNS is a key piece of infrastructure, it is also a piece that is targeted by malicious players. Distributed Denial of Service (DDoS) attacks targeting the DNS are a specific type of DDoS attack that exposes vulnerabilities in the DNS system. This solution brief provides an explanation of this specific type of attack.

A distributed denial of service (DDoS) attack is used to bring down a system without leveraging the attacker’s own system. This helps the attacker to avoid discovery. While this form of attack, on its own, doesn’t attempt to gain access to an organization’s data, it can be used maliciously by bad actors to deny resources or inhibit services to a targeted system. Moreover, DDoS attacks in general have been on the rise globally for years, and 2016 was no exception. One of the largest ever targeting the DNS occurred against Dyn DNS servers in October 2016 and used IoT devices to generate up to 1 TB of traffic. Fully one-third of DNS operators have reported a customer-impacting attack of this type (source: Arbor 2016 Worldwide Infrastructure Security Report). For service providers, this number jumps to 50%!