[Security] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website

A Distributed Denial of Service (DDoS) attack is a means of burdening or effectively shutting down a remote system by bombarding it with traffic from many other computers. DDoS attacks are often launched from the compromised systems of Internet users, often organized into botnets. Using such systems, malicious users, crackers and scammers try to overload a target, consuming its entire resources and bringing it to its knees.

Such attacks are often known to target a web server or, for that matter, an application server. However, attackers can also target a Domain Name Server (thanks to the fact that close to 25% of DNS servers are still unpatched. Read: Is your DNS patched against the recent Vulnerability?). In my previous post, How a DNS Works, you understood the importance of Domain Name Servers. Essentially, if an attacker can bring down the authoritative name server for your website, your website will no longer be accessible to all those who don’t have the hostname resolution cached. No address resolution means that your website’s hostname won’t be resolved to its IP address; i.e., the user’s browser, or any other client, will never be able to resolve the hostname and therefore won’t know the IP address to which it should send the request.

So in short, if your DNS server is brought down by an attacker, then even if the website servers, i.e. the web and application servers, are up and running, users still won’t be able to reach your website, because their clients won’t know where to send the data packets.

Image: Pictorial Representation of DDoS Attack on a DNS Server

Here are a few tips to secure your DNS servers:

1.) Ensure that your DNS is patched against the recent vulnerabilities.

2.) Securing the transfer of data between the DNS server and clients (or other servers) is also crucial. DNS uses TCP/UDP port 53; by filtering this port at different points in your security boundary, you can ensure that the DNS server receives only authorized connections.

3.) If you witness high volumes of network traffic from a single source machine directed toward your DNS server, you could be under a denial-of-service (DoS) attack. Throttle the connection from the source, or sever the connection until you can investigate the problem.

4.) You can also use quotas to prevent the flooding of DNS from a client. Clients typically register a maximum of 10 records in DNS. By limiting the number of objects a single client can register, you can prevent a client from starting a DoS attack against its own DNS server.
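
As an illustration of tip 3, the following added example (not part of the original post) counts queries per source address in a sliding window and reports the sources that exceed a budget. The log layout (modelled on a BIND-style query log), the 10-second window, the threshold of 20 and the sample addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout, modelled on a BIND-style query log; adapt the regex to your server.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r".*?client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
)
WINDOW = timedelta(seconds=10)  # assumed sliding window
THRESHOLD = 20                  # assumed per-source query budget per window


def find_heavy_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak queries in any window} for sources over threshold."""
    recent = defaultdict(deque)  # source_ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query record
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop queries that slid out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample: one noisy source among two ordinary clients."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    events = [(base + timedelta(milliseconds=100 * i), "198.51.100.7") for i in range(60)]
    for i in range(5):
        events += [(base + timedelta(seconds=2 * i), ip) for ip in ("192.0.2.10", "192.0.2.11")]
    events.sort()
    return [
        f"{ts:%d-%b-%Y %H:%M:%S}.{ts.microsecond // 1000:03d} "
        f"client {ip}#53000 (www.example.com): query: www.example.com IN A +"
        for ts, ip in events
    ]


if __name__ == "__main__":
    for ip, peak in find_heavy_sources(build_sample_log()).items():
        print(f"{ip}: {peak} queries within {WINDOW.seconds}s, consider throttling")
```

The addresses it reports are the candidates for the throttling or temporary blocking described in tip 3.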

You can also follow me on Twitter at http://twitter.com/vaibhav1981


8 Responses to “[Security] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website”

  1. Hey, I was looking around for a while searching for ddos attack and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my ddos attack bookmarks!

  2. Hi there, I was looking around for a while searching for computers security and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my computers security bookmarks!

  3. Cyberspace 9/11 is here, by Kirby Sommers

    Cyberspace 9/11 is here. A trojan worm similar to the planes that crashed into the Twin Towers on September 11, 2001 is causing havoc to companies such as Time Warner Cable, Register.com and UltraDNS owned by Neustar and to millions of their customers throughout the United States and Europe.

    Time Warner Cable’s director of digital communications said its DNS servers have been targeted by “denial of service” attacks for seven days commencing on February 19. DNS servers match easy to remember web addresses to corresponding numbers and without these translations working, web browsers are unable to find their destinations.

    UltraDNS, the Reston, VA company, had serious DOS attacks on April 2 and acknowledged in a statement that same day: “Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours.” Customers affected included Amazon.com, Oracle, Juniper, Diamond.com, Salesforce.com, Advertising.com and Petco.com.

    Anyone trying to reach those websites and others impacted by this attack received error notices like “page cannot be displayed”.

    Although both Time Warner Cable and UltraDNS claim to have the problem under control, Register.com is in its third day with no end in sight. Larry Kutscher, CEO of Register.com said: “unnamed persons all over the world are trying to attack us. Every time we get it under control, it morphs into another attack. It’s morphed at least three to four times. It keeps changing direction.”

    Steven Weiss, the CTO of the Carlton Group in New York City insists we’re under federal attack. “We have no way to stop it. Why is no news organization documenting this? Where is the Federal CTO. Where is he? Where is Homeland security? This is a serious problem. I don’t feel comfortable. We’re under attack and no one is doing anything. Just like the beginning of the banking problems. It was swept under the rug for a long time. They’re going to keep it quiet until they’re pushed against the wall.”

    Valerie Harding of Ripple Effect Communications a public relations firm whose offices are in Boston and who is a Register.com customer exclaimed: “For a PR firm we don’t even have a website. Some of our large clients are big public companies. We just lost a client who was supposed to have paid us a $74,000 retainer. And that’s just for one year. We lost that money because of what’s happening with Register.com. Losses are going to be huge.”

    And, I’d be remiss if I didn’t mention that my own businesses are also in big trouble as a result of Register.com’s problems. Both KirbySommers.com where I offer renters in New York City landlord data in order to save them broker fees and MovieStub.net where I save movie goers money by selling discount movie tickets are both casualties of this killer attack. My credibility as a businesswoman has been put on the line because no one has been able to access my websites for three days. I can’t even get into my mail.

    I brought up the financial losses I incurred with Kutscher who replied by stating: “My main focus is on getting back up.”

    For a company that prides itself on being the first online service business to receive the J.D. Power & Associates Call Service Certification, I’d say Mr. Kutscher’s response lacked service satisfaction.

    Where are you FBI, CIA, FEMA and our newly elected DC Chief Technology Officer Vivek Kundra…can you hear me? We’re under attack and no one is minding the store. No one is doing anything about the internet Armageddon which has cost businesses billions of dollars. Can you hear me now or have you gotten an error message?

  4. Hi, I was looking around for a while searching for security systems monitoring and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my security systems monitoring bookmarks!

  5. Hello, I was looking around for a while searching for denial of service and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my denial of service bookmarks!

  6. Hello, I was looking around for a while searching for financial security and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my financial security bookmarks!

  7. Hi, I was looking around for a while searching for control system security and I happened upon this site and your post regarding ty] How a Distributed Denial of Service Attack on your DNS Server can bring down your Website | Technofriends, I will definitely this to my control system security bookmarks!

  8. [...] Well, if you wish to understand how a compromised DNS can bring down you first need to understand What is a DNS and How does it work?. Once you have read about what a DNS is, you can also consider reading the effect of a DDos attack on a DNS and its effect on the website. [...]
