Follow

Q&A: What is a DNS Flood Attack?

 

Question

  • What is a DNS Flood Attack?
  • Is Silverline able to protect against DNS Flood Attack?

Environment

  • Silverline DDoS
  • Routed or Proxy DDoS protection

Answer

  • Also called a DNS Query flood, a DNS flood is one of the most common vectors used in DDoS attacks today.
  • An attacker sends a large number of spoofed DNS request packets to a target DNS server. A small number of hosts can generate thousands of requests per second, with spoofing they appear to come from hundreds or event thousands of different source IPs.
  • This makes it impossible for the target server to differentiate between legitimate DNS requests and malicious requests. In trying to serve all requests, the server exhausts its resources.
  • Large DNS Query floods can also saturate a customer's ISP links.
  • Silverline can protect against DNS Flood attacks using several available countermeasures.

Traffic Sample

21:27:16.344520 IP X.X.X.X.44829 > X.X.X.X.53: 36772 A? xqje65cf585aeib.s2c-supplier.test.com. (58)
21:27:16.344630 IP X.X.X.X.26718 > X.X.X.X.53: 10455 A? tyn8460f585f.glomac.test.com. (49)
21:27:16.345118 IP X.X.X.X.30970 > X.X.X.X.53: 31076 A? dmn9058f585iebbab.netviewer101.test.com. (60)
21:27:16.345725 IP X.X.X.X.41020 > X.X.X.X.53: 37567 [1au] A? iyn0b48f585fe.avedge-in.test.com. (64)
21:27:16.346153 IPX.X.X.X.15443 > X.X.X.X.53: 43920 A? vea5b85aa29.translationservicesq.test.com. (62)
21:27:16.346428 IP X.X.X.X.52320 > X.X.X.X.53: 25392% [1au] A? ybm93c23d46becebadh.cormapmobilep.test.com. (74)
21:27:16.346441 IP X.X.X.X.45413 > X.X.X.X.53: 58983% [1au] A? caaf801f3f9beia.gtac-cloud-gw.de.hca.test.com. (77)
21:27:16.347098 IP X.X.X.X.14826 > X.X.X.X.53: 47473 A? fbn61542c85ee.accept-edit.testwelt.test.com. (67)
21:27:16.347535 IP X.X.X.X.3794 > X.X.X.X.53: 56538+% [1au] A? qrj8790fd4bee.eea2.test.com. (71)
21:27:16.347563 IP X.X.X.X.41837 > X.X.X.X.53: 8425 [1au] A? ciff74dffcbaeddd.usirvc0ma106.world-test.test.com. (95)
21:27:16.347588 IP X.X.X.X.64684 > X.X.X.X.53: 22953 [1au] A? ajffeb8dec1hecf.hc-mrs.test.com. (63)
21:27:16.348723 IP X.X.X.X.40612 > X.X.X.X.53: 54900 A? tnn425ef585iefb.aedxbgc2ma173.world.test.com. (67)
21:27:16.349047 IP X.X.X.X.51267 > X.X.X.X.53: 16979 [1au] A? rrn055cf585decaa.eea.test.com. (61)
21:27:16.349204 IP X.X.X.X.33352 > X.X.X.X.53: 5207 A? kvn5b5ef585fe.mobilemon.test.com. (53)
21:27:16.349633 IP X.X.X.X.10644 > X.X.X.X.53: 10102 A? rrn055cf585b.extra.test.com. (48)
21:27:16.349914 IP X.X.X.X.28798 > X.X.X.X.53: 13952 A? vea5b85aa29dec.travel-services.test.com. (60)
21:27:16.350736 IPX.X.X.X.18331 > X.X.X.X.53: 63963 A? qgna457f585eegiiadjc.smartmobile99.test.com. (64)


Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request