PRSD attack definition
A Pseudo-Random Subdomain (PRSD) attack is a type of Distributed Denial of Service (DDoS) attack that uses large volumes of non-existent subdomains to overwhelm DNS servers and cause service disruption.
Attackers can use thousands or millions of pseudo-random subdomains, flooding the recursive and authoritative DNS servers until they can no longer distinguish legitimate queries from malicious requests. This slows down DNS resolution times and slows down the service or forces it to crash.
See also: application layer, DDoS mitigation, DNS query, flooding
Characteristics of PRSD attacks
- PRSD attacks focus on specific DNS servers as targets.
- Attackers use botnets to initiate DNS requests for pseudo-random subdomains, making them unpredictable.
- They target the DNS application layer.
- Due to the large volume of queries, some of the subdomains appear legitimate and aren’t blocked from the traffic.
Preventing PRSD attacks
- Adjusting DNS queries. Allowing the servers to handle higher query loads and respond to legitimate requests.
- Flow telemetry analysis. Observing the network traffic to detect abnormalities and recognize irregular patterns.
- Increasing servers. Using additional servers to handle a higher traffic flow.
- Blackholing. Rerouting abnormal traffic away from the target into a “black hole.”
