Domain Name Server Amplification Attack

What Does Domain Name Server Amplification Attack Mean?

A domain name server amplification attack (DNS amplification attack) is a sophisticated type of distributed denial-of-service (DDoS) attack that involves sending massive amounts of incoming data to a server. By causing spikes in network traffic, the attacker intends to make a system unavailable to legitimate users.

Techopedia Explains Domain Name Server Amplification Attack

Experts characterize DNS amplification attacks as techniques that use specific kinds of DNS query protocols and available hardware setups to plague a system with unnecessary incoming queries. Earlier and more primitive DNS amplification attacks sent individual requests to central network resources. Due to a lack of handshake authentication, these nodes would distribute requests to other network system devices. These kinds of attacks have largely been prevented through modern network administration.

Newer types of DNS amplification attacks involve DNS servers known as open resolvers. Internet service providers (ISPs) typically assign clients these DNS servers, which help hand out IP address information. A common DNS amplification attack technique involves forging packet headers and otherwise tricking DNS servers into handling a large volume of illegitimate IP traffic, so that they serve queries that are not authentic but are part of the DDoS attack.

Attackers can also send specific types of queries that require a more substantial response from DNS servers. For example, a query may ask for a large collection of DNS records. Experts have also noted that these “open resolvers” are misconfigured: they should not be set up to answer queries indiscriminately. By closing these kinds of security loopholes, a network can protect itself against common types of DNS amplification attacks and similar DDoS attacks.
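As an added illustration (not part of the original Techopedia entry), the following Python sketch shows how an operator might audit a resolver's query log for signs that it is answering indiscriminately. The log format, the sample lines, the allowed client network and the ratio threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log in a hypothetical format:
# <time> <client_ip> <qtype> <query_bytes> <response_bytes>
SAMPLE_LOG = """\
12:00:01 192.0.2.10 A 45 61
12:00:01 203.0.113.7 ANY 44 3120
12:00:01 203.0.113.7 ANY 44 3120
12:00:02 203.0.113.7 ANY 44 3104
12:00:02 192.0.2.25 MX 48 210
12:00:03 198.51.100.9 A 46 62
"""

# Assumption: the resolver is only meant to serve this client network.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse(line):
    """Split one log line into (client, qtype, query_bytes, response_bytes)."""
    _, client, qtype, qlen, rlen = line.split()
    return ipaddress.ip_address(client), qtype, int(qlen), int(rlen)


def audit(log_text, allowed_nets=ALLOWED_NETS, ratio_threshold=10.0):
    """Report queries answered for clients outside allowed_nets.

    The logged client address may be forged, so it identifies where the
    responses were sent, not necessarily who sent the queries.
    """
    stats = defaultdict(lambda: {"answered": 0, "bytes_out": 0, "max_ratio": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, _qtype, qlen, rlen = parse(line)
        if qlen <= 0 or any(client in net for net in allowed_nets):
            continue  # malformed size, or an expected client
        entry = stats[str(client)]
        entry["answered"] += 1
        entry["bytes_out"] += rlen
        entry["max_ratio"] = max(entry["max_ratio"], rlen / qlen)
    # Flag clients whose responses were much larger than their queries.
    return {c: dict(e, amplified=e["max_ratio"] >= ratio_threshold)
            for c, e in stats.items()}


if __name__ == "__main__":
    for client, finding in audit(SAMPLE_LOG).items():
        print(client, finding)
```

Any entry in the result means the resolver answered a client it was never meant to serve; entries marked `amplified` also returned far more data than they received.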

Margaret Rouse
Technology Specialist

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.