The DNS amplifier attack is a network attack. The network attacker sends a large number of format DNS query requests to the target server through an open domain name system server. This will cause the target server to suffer a large number of flood -type attacks that respond to data, and the network will have congestion and cannot provide normal services. DNS amplifies the characteristics of the DNS protocol. The attacker can disguise the target IP as the source IP of query. In this way, the response data will be sent to the target server, causing the data exchange to imbalance.
What are the characteristics of DNS amplification attack?
Amplification effect
Because the small query request sent by the attacker can trigger a large amount of response data, the attack has a magnifying effect, resulting in the increase in bandwidth consumption of the target server network.
Anonymous
The attacker can be difficult to track the attack source through the camouflage source IP address.
Network congestion
A large amount of data response may lead to network congestion, resulting in normal legal requests that cannot be responded, affecting the normal operation of the target server.
What are the measures for defense DNS amplification attacks?
Close the open DNS server
Make sure that your DNS server will not be charged and close the open groundwater query.
Limited DNS response
The DNS server only responds to the legal configuration query request and restricts inquiries.
Flow filtering
Use the firewall and intrusion defense system (IDS/IPS) to detect and filter a large amount of DNS response traffic.
Traffic Analysis
Monitor network traffic, timely identify abnormal traffic mode, and conduct real -time intervention and processing.
Dnssec
Deployment of DNSSEC (Safety Extension of the Domain Name System) can enhance the verification and protection capabilities of DNS queries.
Flow cleaning service
Consider using cloud security services, such as DDOS protection services, to clean illegal flow, and ensure that legal traffic can be submitted normally.
The above is the relevant explanation of the DNS amplification attack. DNS amplification attacks have a great threat to network security. Therefore, it is necessary to take effective measures to reduce its impact on the network and server during the use of the server.