https://www.wired.com/story/dns-ddos-amplification-attack/
By Andy Greenberg
Security
Wired.com
05.19.2020
IN OCTOBER 2016, a botnet of hacked security cameras and internet routers
called Mirai aimed a gargantuan flood of junk traffic at the servers of Dyn,
one of the companies that provides the global directory for the web known as
the Domain Name System or DNS. The attack took down Amazon, Reddit, Spotify,
and Slack temporarily for users along the East Coast of the US. Now one group
of researchers says that a vulnerability in DNS could allow a similar scale of
attack, but requiring far fewer hacked computers. For months, the companies
responsible for the internet's phone book have been rushing to fix it.
Today researchers from Tel Aviv University and the Interdisciplinary Center of
Herzliya in Israel released new details of a technique they say could allow a
relatively small number of computers to carry out distributed denial of service
attacks on a massive scale, overwhelming targets with fraudulent requests for
information until they're knocked offline. The DDoS technique, which the
researchers called NXNSAttack, takes advantage of vulnerabilities in common DNS
software. DNS converts the domain names you click or type into the address bar
of your browser into IP addresses. But the NXNSAttack can cause an unwitting
DNS server to perform hundreds of thousands of requests every time a hacker's
machine sends just one.
That multiplicative effect means that an attacker could use just a handful of
hacked machines, or even their own devices, to carry out powerful DDoS attacks
on DNS servers, potentially causing Mirai-scale disruption. "Mirai had like
100,000 IoT devices, and here I think you can have the same impact with only a
few hundred devices," says Lior Shafir, one of the Tel Aviv University
researchers, whose work was supervised by Yehuda Afek and IDC Herzliya's Anat
Bremler-Barr. "It's a very serious amplification," Shafir adds. "You could use
this to knock down critical parts of the internet."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
