DNS amplification attack
(also DNS DDoS attack)
DNS amplification attack definition
A DNS amplification attack is a type of DDoS attack that targets an organization’s or individual’s DNS infrastructure. The primary purpose of a DNS amplification attack is to disrupt the availability of the target’s network or services by overwhelming it with a large volume of traffic. For example, if a hacker attacks the server hosting a website with a DNS amplification attack, the website and server will stall or shut down completely. So, people won’t be able to access the website and buy what it’s selling, causing the business to lose both money and customers. Also, it will take the server time to recover, and might require adjusting network configurations.
See also: cyberattack, dns attack
DNS amplification attack prevention
Source IP verification. To prevent a DNS amplification attack, controlling which IP addresses can send data packets within a network is necessary. If an IP address has a source address that makes it look like it is not part of the network but is sending data from inside it, then it’s most likely a spoofed IP address attempting an attack. Source IP verification can be implemented by using ingress filtering.
Decrease the number of open DNS resolvers. A DNS amplification attack is usually conducted by attacking open DNS resolvers. So, the more open DNS resolvers you have, the easier it will be for an attacker to find one and use it to overwhelm your server or network with traffic.