
Nexusguard Blog

Cybersecurity best practices and DDoS defence strategies

By Nexusguard Research
September 09, 2019

What Is A DNS Attack And Why Are They Dangerous?

What Is a DNS Attack?

A DNS attack is orchestrated by an attacker exploiting vulnerabilities in the Domain Name System (DNS).

But what exactly is DNS, you might ask?

Well, it is a system that translates internet domain names into IP addresses, for example the text form of a website (www.example.com) into its location address (206.15.67.453).

 

With an appreciation for how domain names work you’ll consolidate your understanding of DNS attacks.

 

A DNS lookup is initiated when a user types a domain into an internet browser.

 

At this stage a browser’s DNS resolver will translate a written address into a numerical IP address.

 

The resolver will check whether it already has the IP address on record by assessing the local cache.

 

If the IP address isn’t there, the resolver will query the DNS server in an attempt to track down the necessary IP address.

 

DNS servers can query one another in a multi-step exchange to find the information needed at that moment.

Through these relationships between DNS servers, the correct IP address for any given request can be located.

Once located, the relevant IP address is sent to the requesting program and cached for later use.

 

So why exactly is all this relevant?

 

Well, it is during the aforementioned exchange of information between clients and servers that DNS attacks are most prominent.

 

Why? Because there is ample opportunity to attack when data is being communicated in an open setting.

 

Though DNS is generally quite robust, there are various complex attacks that target it.

 

DNS wasn’t designed for security, so to reduce the incidence of attacks you can take simple measures like using the latest DNS software.

 

You can also monitor traffic, configure duplicate servers and isolate multiple DNS functions.

 

Though there are preventative measures that offer peace of mind, some problems are quite simply too much to comprehend.

 

For these you should leverage the help of a professional like Nexusguard.

 

In the meantime though it helps to understand the different types of DNS attack you should be looking out for.

 

By doing so you’ll be capable of identifying threats quickly, even when you aren’t sure how to respond.

 

The greater your understanding of DNS attacks, the greater the preventative measures you’ll be able to take going forward, rather than reacting when it’s already too late!

What Types of DNS Attack Should You Watch Out For?

 

Domain Hijacking / DNS Poisoning

This occurs when traffic is redirected to new destinations.

 

Have you ever been routed to the wrong website and felt a sense of confusion?

 

After typing the correct website into the search bar and pressing enter, you’d be silly to assume you’d be directed anywhere else, right?

Wrong. In fact, it’s a perfect opportunity for malicious parties to use advanced phishing techniques to mine information.

 

Domain hijacking usually involves changes in your domain registrar and DNS servers, where attackers take advantage of vulnerabilities in your system.

 

But there’s more than one way to skin a cat: domain hijacking can also take place when attackers take control of your DNS records.

Once your DNS has been hacked, attackers will use it to launch unauthorized activities like setting up accounts in your name or recording the sensitive information you type into a compromised page.

 

DNS poisoning works on a very similar principle, where attackers gain access to your legitimate traffic and leverage it to their advantage.

 

Exploiting the DNS caching system is a fairly common tactic, so how can you safeguard against it?

 

Your best bet is to take preventative measures, namely to prevent your DNS cache from being exploited.

 

This includes precautions like setting up short TTL times, regularly updating your programs, and clearing the DNS caches of networking systems and local machines.
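
The lookup flow described earlier (check the cache, query the DNS server on a miss, cache the answer) and the short-TTL and cache-clearing precautions above can be seen together in a small model. This is an added example, not code from Nexusguard; the `DnsCache` class, its `max_ttl` ceiling, and the addresses are constructed for illustration.

```python
import time

class DnsCache:
    """Minimal resolver cache: answer from cache until the record's TTL runs out."""

    def __init__(self, upstream, max_ttl=None, clock=time.monotonic):
        self.upstream = upstream    # callable: name -> (ip, ttl_seconds)
        self.max_ttl = max_ttl      # hypothetical ceiling on how long an answer is kept
        self.clock = clock
        self.entries = {}           # name -> (ip, expiry time)

    def resolve(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0]                   # cache hit: the DNS server is not asked
        ip, ttl = self.upstream(name)       # cache miss: query the DNS server
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)    # do not trust a TTL chosen by the answerer
        self.entries[name] = (ip, now + ttl)
        return ip

    def flush(self):
        """Clearing the cache drops any bad entry immediately."""
        self.entries.clear()


def exposure_seconds(max_ttl, forged_ttl=86400, step=60, horizon=2 * 86400):
    """Seconds a cache keeps serving one forged answer after upstream is correct again."""
    t = [0]                                     # simulated clock
    answers = [("203.0.113.66", forged_ttl)]    # constructed forged answer, served once
    good = ("192.0.2.10", 300)                  # constructed legitimate answer

    def upstream(name):
        return answers.pop() if answers else good

    cache = DnsCache(upstream, max_ttl=max_ttl, clock=lambda: t[0])
    cache.resolve("www.example.com")            # forged answer enters the cache
    while t[0] < horizon:
        if cache.resolve("www.example.com") == good[0]:
            return t[0]
        t[0] += step
    return horizon
```

Without a ceiling the forged record is served for its full 24-hour TTL; with a 300-second ceiling, or a flush, the cache recovers almost immediately.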

 

There are various online guides designed to help you prevent domain hijacking.

 

 

DDoS Attack on DNS

DDoS attacks are widely regarded as a primary concern in today’s internet security landscape.

They disrupt normal traffic by flooding the target’s infrastructure with internet traffic. This overwhelms the target, preventing it from functioning as normal.

When executed successfully, a DDoS attack on a DNS server will cause it to crash, a harmful prospect when you consider how many people can be blocked from accessing an important website.

 

So how do you safeguard against these attacks?

 

Well, this depends on a few factors. Are you hosting a DNS server? If so, there are measures for protecting it, which include but aren’t limited to patching and only enabling access from local machines.

 

If on the other hand you’re trying to reach a server that’s been attacked, you might face a few difficulties along the way.

 

For ultimate peace of mind your best bet is to engage more than one DNS server, so your systems are configured with fail-safes in mind.

 

That way if one server goes down you have others to fall back on.

 

 

DNS Amplification Attack

Though not strictly an attack against a DNS system, an amplification attack instead exploits DNS services to bolster DDoS attacks.

 

DDoS attacks have gained notoriety in the mainstream media for their ability to target big companies like Sony, Microsoft, BBC, and Krebs on Security.

 

A typical DDoS attack uses a botnet of malware-infected computers.

 

Large amounts of traffic can be redirected to a target destination, with the aim of crashing the server in question.

 

But with an amplification attack things are ramped up a notch or two.

 

In this case the botnet used will send requests to other systems, which respond by sending significant volumes of traffic to the victims in question.

 

These requests have a fake source address, and are used to maximize the amount of data returned by each DNS server.

 

The small volume of data sent from the botnet is amplified into greater volumes of traffic, which is directed to a victim causing their system to falter.
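
For an operator of a DNS server, the pattern described above shows up as one claimed source address receiving far more bytes than it sends. The following added example (not Nexusguard code) tallies that ratio from a resolver log; the record layout, the sample records and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed resolver log records: (claimed_source_ip, query_bytes, response_bytes)
SAMPLE_LOG = (
    [("198.51.100.7", 64, 3100)] * 40     # one claimed source, small queries, large answers
    + [("192.0.2.21", 60, 92)] * 25       # ordinary client
    + [("192.0.2.22", 60, 120)] * 5       # ordinary client
)

def amplification_report(records):
    """Per claimed source: query count, bytes in, bytes out and the out/in ratio."""
    totals = defaultdict(lambda: [0, 0, 0])
    for source, q_bytes, r_bytes in records:
        t = totals[source]
        t[0] += 1
        t[1] += q_bytes
        t[2] += r_bytes
    return {
        s: {"queries": n, "bytes_in": i, "bytes_out": o,
            "ratio": (o / i) if i else 0.0}
        for s, (n, i, o) in totals.items()
    }

def likely_reflection_targets(records, min_ratio=10.0, min_bytes_out=50_000):
    """Addresses this server is sending disproportionate traffic to.

    Because the requests carry a fake source address, the flagged address is
    the probable victim: the response is to rate-limit or stop answering for
    it, not to treat it as the offender. Thresholds are illustrative.
    """
    report = amplification_report(records)
    return sorted(
        s for s, r in report.items()
        if r["ratio"] >= min_ratio and r["bytes_out"] >= min_bytes_out
    )
```

On the sample log, 2,560 bytes of queries produce 124,000 bytes of responses towards a single address, a ratio of roughly 48 to 1, while the ordinary clients stay below 2 to 1.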

 

UTM firewalls are a great way to safeguard against these attacks, alongside hosting business services on multiple servers.

 

As you can probably tell by now, dealing with DNS attacks isn’t the easiest proposition in the world.

 

Some things are best left to the experts, so if you’re interested in safeguarding against malicious DNS attacks, why not contact Nexusguard for all your IT security services needs?

 

Thanks for reading!
