Cisco CloudCenter: Get the Hybrid IT Advantage

Domain Name Server Amplification Attack (DNS Amplification Attack)

Definition - What does Domain Name Server Amplification Attack (DNS Amplification Attack) mean?

A domain name server amplification attack (DNS amplification attack) is a sophisticated type of distributed denial-of-service attack (DDoS) that involves sending massive amounts of incoming data to a server. Through spikes in network traffic, the intent is to make a system unavailable to legitimate users.

Techopedia explains Domain Name Server Amplification Attack (DNS Amplification Attack)

Experts characterize DNS amplification attacks as techniques that use specific kinds of DNS query protocols and available hardware setups to plague a system with unnecessary incoming queries. Earlier and more primitive DNS amplification attacks sent individual requests to central network resources. Due to a lack of handshake authentication, these nodes would distribute requests to other network system devices. These kinds of attacks have largely been prevented through modern network administration.

Newer types of DNS amplification attacks involve DNS servers known as open resolvers. The idea is that Internet service providers (ISP) typically assign clients these DNS servers, which help hand out IP address information. A common DNS amplification attack technique involves forging packet headers and otherwise tricking DNS servers into catching up with a large volume of illegal IP traffic and serving queries that are not authentic but intended as part of the DDoS attack.

Attackers also can send specific types of queries that require a more substantial response from DNS servers. For example, a query may ask for a large collection of DNS records. Experts also have noted that these "open resolvers" are set up incorrectly and should not be set up to answer queries indiscriminately. By closing these kinds of security loopholes, a network can protect itself against common types of DNS amplification attacks and similar DDoS attacks.

Share this:

Connect with us

Email Newsletter

Join thousands of others with our weekly newsletter

The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.