You have heard of word Hacking on the web and sometimes you tried to perform some unusual hacking activities on the net.There is a word which is revolving around the Dark Web is DNS Attack (commonly called DDOS Attack).If you have a little bit knowledge about hacking then you have heard about the DNS Attack.Let us Know About this in deep.
What is DNS Attack?
DNS attack is the sophisticated Denial of service attack that takes the advantage of DNS servers behavior in order to amplify the attack.
DNS servers resolve internet domain names into IP addresses.In order to visit the www.example.com, a computer must find out the IP address of example.com. So the computer is known as the DNS resolver which sends a DNS query to the DNS server asking, ” What is the IP address of example.com? “. If the local DNS knows the answer then it replies to the DNS resolver with the known IP address.If it doesn’t know the answer then it asks one of the DNS root name servers which points the resolver to the other DNS server.The DNS resolver asks the other DNS server the same question until it finds a DNS server who knows the IP address of example.com.
How an attacker perform DNS attack?
In order to launch a DNS attack, the attacker performs two malicious tasks.
- The attacker spoofs the IP address of the DNS resolver and replaces it with the victims IP address. This will cause all DNS replies from the DNS servers to be sent to the victim’s servers.
- The attacker finds an Internet domain that is registered with many DNS records.During the attack, the attacker sends DNS queries that request the entire list of DNS records for that domain.This result in large replies from the DNS servers.Usually So big that they need to be split over several packets.
Now the attacker is ready to launch the attack.Using very few computers, the attacker sends a high rate of short DNS queries to the multiple DNS servers asking for the entire list of DNS records for the internet domain it chooses earlier.The DNS servers look for the answer and provide it to the DNS resolver.
However, because the attacker spoofed the IP address of the DNS resolver and set it to be the IP address of the victim, all the DNS replies from the servers are sent to the victim.
The attacker achieves an amplification effect because for each short DNS query it sends, the DNS servers reply with a larger response, sometimes up to 100 times larger.For example, if the attacker generates 3 megabits per second of DNS queries, it actually amplified to 300 megabits per second of data traffic on the victim.
The victim is bombed with a high rate of large DNS replies, where each reply is split over several packets.This requires the victim to reassemble the packet, which is a resource-consuming task and to attend to all of the attack traffic.Soon enough the victim’s servers become so busy handling the attack traffic that they can’t service any other request from legitimate users attacker achieves a denial of service
How To fight DNS Attack?
DNS attacks have changed dramatically over the past few years.Attackers are deploying more attack tools and more attack vectors in each attack making the attacks more difficult to detect and mitigate.
DNS attacks such as UDP, ICMP and TCP SYN Flood are commonly known to consume large bandwidth but Today, Application level attacks that don’t consume large bandwidth can easily take down online services.
If you are running a brand which is quite popular on net or you want to make it popular on the web then the thing which hits your mind is that How can you protect yourself from DNS Attack?
- Increase your bandwidth: If you running a site then Bandwidth is the known word for you.Bandwidth is the level of traffic and amount of data that can transfer between your site, users, and the Internet.
- Using CDN: Using a content delivery network is a way to get secured from DNS attack.
- DDOS Protection: Use a DDOS Protection service.
That’s all in this Post, I hope you find a lots of informative data here.Hackers are hidden tools which can do anything either in good ways or bad ways.So, I would prefer you to Be Safe and Enjoy your web experience UNTIL you hit by an Anon.