Doing more to protect your DNS from DDoS
by Chris Marrison - EMEA Technical Director, Infoblox - Thursday, 13 February 2014.
External authoritative name servers should be broadly geographically distributed wherever possible which will not only help to avoid single points of failure, but will also provide the added advantage of improving response time performance for their closest customers.

And, in the face of the huge number of responses resulting from a DDoS attack, it's worth considering overprovisioning existing infrastructure, a process that is both inexpensive and easy to trial prior to an incident.

Cloud-based DNS providers run name servers of their own in data centers around the world. These can be configured as secondaries for an organization's own, with data loaded from a master name server designated and managed in-house. It's worth noting, though, that most of these providers bill for the number of queries received, which will of course increase significantly during a DNS attack.

Unwitting accomplices

As well as configuring their DNS infrastructures to resist DDoS attacks, organizations should also ensure they don't become unwitting accomplices in DDoS attacks against others.

Unless the company is one of the very few that deliberately runs an open recursive name server, it can restrict queries to its recursive name servers to the IP addresses on its internal networks, thereby making sure that only authorized users have access to them.

And for those that run authoritative name servers, Response Rate Limiting (RRL), incorporated into BIND name servers, makes it difficult for attackers to amplify queries, as it prevents responses from being sent to a single IP address at any rate higher than a pre-programmed threshold.
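As an added example (not from the article, and not Infoblox's configuration), here are BIND 9 named.conf fragments that apply the two measures above: restricting recursion to internal addresses on a resolver, and enabling RRL on an authoritative server. It assumes BIND 9.10 or later (or 9.9.4+ built with --enable-rrl); the address ranges and zone name are placeholders, and the two hardened fragments belong in separate named.conf files, one per server role.

```conf
// Added example, not from the article. Placeholders: address ranges, zone name.

// --- Weak (what to avoid): an open resolver with no rate limiting ---
// options {
//     recursion yes;
//     allow-query { any; };        // anyone on the Internet may query
//     allow-recursion { any; };    // ...and recurse: an amplification source
// };

// --- File 1: hardened recursive resolver, internal clients only ---
acl "internal" {
    10.0.0.0/8;            // placeholder: your internal ranges
    192.168.0.0/16;
    localhost;
};

options {
    recursion yes;
    allow-query { internal; };        // resolver is not reachable from outside
    allow-recursion { internal; };    // recursion refused for everyone else
    allow-query-cache { internal; };  // no cached answers served to outsiders
};

// --- File 2: hardened authoritative server, no recursion, RRL on ---
options {
    recursion no;                     // authoritative only, never recurse
    allow-query { any; };             // authoritative data must stay public
    rate-limit {
        responses-per-second 5;       // identical responses per client /24 per second
        window 5;                     // seconds over which the limit is averaged
        slip 2;                       // every 2nd dropped response is sent truncated,
                                      // so genuine clients retry over TCP
        log-only no;                  // set to yes first to measure before enforcing
    };
};

zone "example.com" {                  // placeholder zone
    type master;
    file "db.example.com";
};
```

Run with log-only yes for a few days first and watch the named log for rate-limit messages: that shows which clients would be throttled before any response is actually dropped.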

By understanding how DDoS attacks exploit DNS servers, and recognizing the signs, organizations can take measures to lower the threat on their own infrastructure, and avoid becoming complicit in attacks on others.