Updated March 27, 2023
What is DNS Amplification Attack?
DNS amplification is a DDoS attack in the attacker’s domain name system (DNS) server vulnerabilities to initially turn small requests into a much larger payload, using the victim’s server for break down. DNS amplification is a form of reflection attachment that manipulates public domain name systems and makes them flood with large amounts of UDP packets. By using different amplification methods, writers can “inflate” the size of those UDP packets to make the attack so efficient that the Internet infrastructure is even the most reliable.
A DNS amplification attack uses various methods to achieve the same end goal of denying service. The idea is to picture six wide-load trucks driving side by side along the same six-lane road rather than thousands of cars entering the highway at once. As a result, the traffic flow has been totally disrupted, not by a sudden attack of thousands of cars, but by a small number of vehicles that can not pass through normal traffic. And, while most DDoS attacks work by flooding a network with huge amounts of average packets, the DNS amplification attack can obtain the same result. Nonetheless, no analogy is perfect, and the DNS amplification past has a few additional nuances, and let’s look at this assault in depth.
How does DNS Amplification Attack Work?
Malicious actors use the normal operation of the Domain Name System (DNS) – the internet’s “address book,” as a tool against the targeted victim’s website during a DNS amplification assault. The aim is to overflow the website with the use of bogus DNS-Search requests so that the site fails. Let’s review at a high level how DNS works to understand how the attack works. DNS is the Internet service that accepts this request, which finds an IP address assigned to that domain name and sends it back into the browser for the client to connect to that website when a user types www.example.com in his browser. So, what’s next about the attackers? Enlargement. Remember that their goal is to turn small DNS requests into big answers. A standard DNS (just a few lines) requests is very small – usually in ten bytes – and returns only a little larger response.
Description of DNS Amplification Attack
Amplification of DNS is a kind of reflection attack, like other amplification attacks. Here the reflection is accomplished through an answer to a spoofed IP address from a DNS solver. The number of DNS responses can be easily overwhelmed by multiple duplicate requests and the number of DNS resolutions that are simultaneously repeated. Once exacerbated, reflex impacts are even riskier. “Enhanced” refers to a server response unrelated to the initial packet request sent. Every DNS request can be sent to intensify a DNS attack using the EDNS0 DNS protocol extension, which allows for large DNS messages, or the DNS security extension cryptography function to improve the message size. Spoofing queries of type “ANY” can also be used, returning in one message, all known information on a DNS region.
How DNS Attack can be Mitigated?
There are restricted mitigation solutions for a person or company that runs a website or service. This is because the server of the victim is not where the main impact of a volumetric attack can be felt while it might be the target. The network surrounding the server is distinguished by the tremendous amount of traffic it produces. The ISP or other upstream infrastructure providers can not handle the incoming traffic without being overwhelmed. The ISP may thus lock all traffic into the IP address of the target party, defend itself and delete the target site. Mitigation strategies are primarily protective Internet infrastructure approaches apart from off-site protection services such as Cloudflare DDoS protection. Since the UDP applications sent by a botnet attacker need a source IP address spoofed to the IP address of the victim, it is necessary to reject internal traffic with spoofed IP addresses by Internet providers (ISPs). If a packet with an address appearing to originate from outside of the network is being sent from within the network, it’s probably a spoofed packet and can be dropped.
This is a guide to DNS Amplification Attack. Here we discuss a brief overview along with its working and how the DNS attack can be mitigated? You may also have a look at the following articles to learn more –