DDoS

DNS amplification attacks back in the spotlight

US-CERT today re-issued its March 29 2013 technical advisory reminding organisations to check their networks for open DNS resolvers, which can easily be used in a Distributed Denial of Service (DDoS) attack. See https://www.us-cert.gov/ncas/alerts/TA13-088A. An open DNS resolver is a DNS server that accepts and answers recursive DNS queries from hosts outside the IP address range under the organisation's control. Recursive DNS server functionality should be restricted to only those host IP addresses that belong to the enterprise or ISP.

To check whether your DNS servers are among the purported 28 million open resolvers (as of May 2013 - see http://openresolverproject.org), a useful tool is http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl. If you are the technical contact for the IP address range as reported by whois, this tool will send you the current resolver status of your DNS servers.

Another great resource is www.dnsinspect.com. This site provides a detailed report on the status of your DNS and is a great place to check for possible security vulnerabilities in your domain.

The CERT amplification reference cited above is an excellent reference; however, if you need up-skilling on aspects of DNS then please contact us. We provide training in all aspects of DNS, IP, Deep Packet Analysis and Cyber Security.