Industry Trends

When Half the Internet Goes Down Due to a Cyber-Assault on DNS Infrastructure

By Hemant Jain | October 21, 2016

On Oct 21, 2016, yet another cyber assault happened on a large DNS provider's infrastructure, bringing down websites and services on the east coast of the United States. While it is easy to launch these attacks, the solutions available in the market have not kept pace. FortiDDoS is the only hardware logic solution in the market today that easily distinguishes between attack traffic and legitimate traffic at high rates and keep services up during such attacks.

The DDoS attack on the DNS infrastructure of Dyn, a major DNS provider, made Spotify, Twitter, Amazon and many other websites unreachable.

Why is it easy to bring down DNS infrastructure?

It is pretty easy to overwhelm a DNS service. DNS is primarily based on the UDP protocol. This protocol can be easily spoofed - thus making it difficult to find the culprit at the destination which is getting attacked. Plenty of DDoS-for-hire services exist which make it easy for anyone to create such attacks. These booters have commoditized the DDoS attack. They make it cheap to extort, harass, and intimidate enterprises. 

Typical patterns of attacks on DNS infrastructure involve:

  • Unsolicited DNS responses
  • Quick retransmissions of DNS queries
  • Retransmission of queries despite having received a response
  • Retransmission of queries within the TTL (time to live)
  • Anomalous packets which do not follow the standard RFCs
  • Unexpected queries for domains that do not exist
  • Queries from spoofed clients
  • Queries from unwanted geographical areas

How to mitigate DNS DDoS Attacks?

FortiDDoS models starting from 200B going all the way to 1200B/2000B have a solution for customers and traffic of all sizes.

Read the following for more:

Join the Discussion