DNS-based DDoS attacks are one of the most common cyber crimes on the Internet. These highly destructive attacks are carefully designed to manipulate and target DNS infrastructure. Unfortunately, it’s all too simple for cyber criminals to generate them, putting all companies at risk. These attacks are not always easy to spot, as they’re generated in a variety of forms, such as Teardrops, Pings of Death and Smurfs. It’s essential for companies of all sizes and cybersecurity professionals to adequately prepare for a DDoS attack, as the consequences can be substantial.
DDoS 101
A Distributed Denial of Service (DDoS) attack occurs when an online service is forcefully made unavailable by saturating it with traffic from a variety of sources. Attackers are paid to target all kinds of online resources, cutting off access to them. Arbor Networks notes more than 2,000 daily DDoS attacks, totaling one-third of all downtime incidents.
Attackers infect computers by spreading malicious software through emails, social media and websites, creating networks called “botnets.” These computers can be controlled remotely to launch attacks. Most of the time, the owner of the computer will not even realize it has been infected and is part of a botnet.
Botnets use a variety of methods to drive an immense amount of traffic to the target, effectively shutting it down. Attacks have been so intense they’ve been known to take down a country’s international cable capacity. Botnets and individual DDoS attacks can be purchased for just $150 on Internet marketplaces by anyone, making all organizations vulnerable.
Preparing and Mitigating DDoS Attacks
Monitoring your DNS infrastructure can help you identify DDoS attacks. First, measure your normal query load to set a baseline, so you know exactly what abnormal activity looks like. Then examine your Internet-facing infrastructure to check for any weak spots. Geographical distribution of your external authoritative name servers helps to mitigate attacks by avoiding single points of failure.
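The baseline step above in working form, as an added example written for this article (it is not code from the article’s author or from any vendor). The script parses BIND-style query log lines, computes the mean and standard deviation of queries per second over a training window, flags seconds that exceed the baseline by k standard deviations, and profiles each flagged second by source address and query type so the operator can see whether the burst is many spoofed sources sending ANY queries or one misbehaving resolver. The log format, the names and all addresses are constructed for the example.

```python
"""Query-rate baseline and burst detection over BIND-style query logs.
Added illustration for this article; the log lines below are constructed."""
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Simplified BIND 9 "queries" log line (constructed layout, not a real capture):
# 05-Mar-2024 10:00:01.000 client 192.0.2.10#5300 (www.example.com): query: www.example.com IN A + (198.51.100.1)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(lines):
    """One (second, client_ip, qname, qtype) tuple per parsable line; others are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other log categories or truncated lines must not abort the run
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
        records.append((ts, m.group("ip"), m.group("qname"), m.group("qtype").upper()))
    return records


def queries_per_second(records):
    """Map each second to the number of queries seen in it, in time order."""
    return dict(sorted(Counter(ts for ts, *_ in records).items()))


def baseline(counts, train_seconds):
    """Mean and population stdev of qps over the first train_seconds buckets."""
    sample = list(counts.values())[:train_seconds]
    return statistics.mean(sample), statistics.pstdev(sample)


def flag_bursts(counts, mean, stdev, k=3.0):
    """Seconds whose qps exceeds the baseline by more than k standard deviations."""
    threshold = mean + k * stdev
    return [(ts, n) for ts, n in counts.items() if n > threshold]


def burst_profile(records, second):
    """Who sent what in a flagged second: top source addresses and the qtype mix."""
    clients = Counter(ip for ts, ip, _, _ in records if ts == second)
    qtypes = Counter(qt for ts, _, _, qt in records if ts == second)
    return clients.most_common(5), qtypes


def analyse(lines, train_seconds=60, k=3.0):
    """Build the baseline from the training window, then flag and profile bursts."""
    records = parse_query_log(lines)
    counts = queries_per_second(records)
    mean, stdev = baseline(counts, train_seconds)
    bursts = flag_bursts(counts, mean, stdev, k)
    return {"mean": mean, "stdev": stdev, "bursts": bursts,
            "profiles": {ts: burst_profile(records, ts) for ts, _ in bursts}}


def _line(t, ip, qname, qtype):
    return (f"{t.strftime('%d-%b-%Y %H:%M:%S')}.000 client {ip}#5300 "
            f"({qname}): query: {qname} IN {qtype} + (198.51.100.1)")


def constructed_log():
    """Constructed sample: 60 s of 3-6 qps from two resolvers, then one second
    with 80 ANY queries for the zone apex from 40 distinct source addresses."""
    base = datetime(2024, 3, 5, 10, 0, 0)
    lines = []
    for s in range(60):
        t = base + timedelta(seconds=s)
        for i in range(3 + s % 4):
            lines.append(_line(t, "192.0.2.10" if i % 2 else "192.0.2.11", "www.example.com", "A"))
    t = base + timedelta(seconds=60)
    for i in range(80):
        lines.append(_line(t, f"203.0.113.{i % 40 + 1}", "example.com", "ANY"))
    return lines


if __name__ == "__main__":
    result = analyse(constructed_log())
    print(f"baseline {result['mean']:.1f} qps, stdev {result['stdev']:.2f}")
    for ts, n in result["bursts"]:
        top, qtypes = result["profiles"][ts]
        print(f"{ts}: {n} qps; top sources {top}; qtypes {dict(qtypes)}")
```

The training window must be a period you know to be clean, and the k-sigma rule is deliberately simple: on a real server you would bucket over minutes rather than seconds and keep a per-hour baseline, since diurnal traffic patterns would otherwise trip the threshold every morning.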
Overprovisioning your infrastructure is one of the easiest ways to absorb a DDoS attack. You’ll need to measure your servers’ capacity first, so you know exactly how much headroom to add.
Employing Anycast, or shared IPs, is another way to combat a DDoS attack: it lets one DNS infrastructure use multiple name servers from different hosts. With Anycast, each host supporting your name servers runs a dynamic routing protocol to advertise to neighboring routers a route to the IP address your name server listens on. The routing process is configured to stop advertising this path if the local name server fails to respond, so traffic flows to the remaining healthy hosts. You can write your own code to glue the routing daemon to the health of your name server or purchase a product that will do it for you.
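The “glue” between name-server health and the route announcement, as an added example written for this article rather than taken from any product: a pure-Python probe that sends a minimal DNS query to the local listener and validates the reply, plus a controller with hysteresis that decides when to withdraw and when to re-announce. The helper command `/usr/local/sbin/anycast-route` that would actually talk to the routing daemon is a hypothetical placeholder, and `example.com`, the probe interval and the thresholds are assumptions.

```python
"""Health-check glue between a local authoritative name server and its
Anycast route announcement. Added illustration, not a product's code.
Assumed: the routing daemon is driven by a hypothetical helper command
ANYCAST_ROUTE_CMD that takes 'announce' or 'withdraw' as its argument."""
import random
import socket
import struct
import subprocess
import time

ANYCAST_ROUTE_CMD = ["/usr/local/sbin/anycast-route"]  # hypothetical, site-specific helper


def build_query(txid, qname, qtype=1):
    """Minimal DNS query packet; RD is left clear because we test the authoritative path."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(struct.pack("!B", len(l)) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def response_ok(txid, data):
    """True only for a reply to our txid with QR set, RCODE 0 and at least one answer."""
    if len(data) < 12:
        return False
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    qr = (flags >> 15) & 1
    rcode = flags & 0xF
    return rid == txid and qr == 1 and rcode == 0 and an >= 1


def probe(server, qname, port=53, timeout=1.0):
    """One UDP query against the local listener; False on timeout or on a bad reply."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(txid, qname), (server, port))
            data, _ = s.recvfrom(512)
        except (socket.timeout, OSError):
            return False
    return response_ok(txid, data)


class RouteController:
    """Withdraw after `down_after` consecutive failures and re-announce only after
    `up_after` consecutive successes, so a flapping server does not flap the route."""

    def __init__(self, down_after=3, up_after=5, announced=True):
        self.down_after, self.up_after = down_after, up_after
        self.announced = announced  # assume the route is up when the daemon starts
        self.fail = self.ok = 0

    def observe(self, healthy):
        """Feed one probe result; return 'announce', 'withdraw' or None (no change)."""
        if healthy:
            self.ok += 1
            self.fail = 0
        else:
            self.fail += 1
            self.ok = 0
        if self.announced and self.fail >= self.down_after:
            self.announced = False
            return "withdraw"
        if not self.announced and self.ok >= self.up_after:
            self.announced = True
            return "announce"
        return None


def apply_action(action):
    """Push a transition to the routing daemon through the hypothetical helper."""
    if action:
        subprocess.run(ANYCAST_ROUTE_CMD + [action], check=False)


def run(server="127.0.0.1", qname="example.com", interval=2.0):
    """Probe loop: one query per interval, acting only on state transitions."""
    ctl = RouteController()
    while True:
        apply_action(ctl.observe(probe(server, qname)))
        time.sleep(interval)


if __name__ == "__main__":
    run()
```

The asymmetry in the controller is the point: withdrawing quickly limits how long queries are black-holed at this site, while re-announcing slowly keeps a half-recovered server from pulling traffic back before it can answer. Probe the zone you actually serve, not just “is the port open”, since a name server that answers SERVFAIL is as useless to clients as one that is down.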
Additionally, you can employ Anycast and wide geographical distribution at the same time by using a cloud-based DNS provider. Companies like Dyn and Neustar can host your zones and answer queries from your data using their Anycast name servers in several data centers worldwide. You keep control over your zone data by having the provider configure its name servers as secondary servers for your zone, loading data from a master name server that you run and control internally. Run that master as a hidden master, not listed in the zone’s NS records, so it cannot be targeted as a single point of failure.
All companies are susceptible to DDoS attacks. Taking measures to protect your organization from the work of a malicious attacker is essential, as anyone can be next. Employing strategies like Anycast is a great way to be ready to combat an attack if you’re targeted, so that it won’t take your system down.