DDoS Attacks on Internet's DNS Root Servers, Offender Unknown - How to, Technology and PC Security Forum | SensorsTechForum.com

DDoS Attacks on Internet’s DNS Root Servers, Offender Unknown

A rare DDoS (distributed denial-of-service) attack has been registered on the Internet’s DNS root servers.

More specifically, four nodes (B, C, G, and H) were affected by slight timeouts. According to RootOps, an unknown cyber crime group carried out two separate attacks. The first took place on the 30th of November and lasted 160 minutes. The second, shorter attack took place on the 1st of December and lasted only 60 minutes.

The DDoS Attacks Explained

Experts report that the attack traffic consisted of authentic DNS queries, addressed to one domain during the first attack and to another during the second.

The two attacks caused about five million queries per second per DNS root name server. The bad news is that RootOps will most likely be unable to identify the attackers. One reason is that source IP addresses are easily spoofed. Furthermore, the source IP addresses used in these DDoS scenarios were spread skillfully and arbitrarily throughout the IPv4 address space.
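The traffic pattern described above (a flood of queries for a single domain, with sources scattered across the IPv4 space) can be looked for in a resolver or name server query log. The Python below is an added example, not code from RootOps or from the original article; the `(source_ip, qname)` log format, the thresholds, the function names and the sample data are all assumptions constructed for illustration.

```python
import math
import random
from collections import Counter
from ipaddress import IPv4Address

def analyze_window(queries, share_min=0.5, spread_min=0.9):
    """queries: list of (source_ip, qname) seen in one time window.
    Flags a window where one name dominates AND its sources are spread
    almost uniformly over the 256 possible first octets (/8 blocks).
    Both thresholds are illustrative assumptions, not RootOps values."""
    if not queries:
        return None
    names = Counter(qname for _, qname in queries)
    top_name, top_count = names.most_common(1)[0]
    share = top_count / len(queries)
    # Bucket the sources of the dominant name by their first octet.
    octets = Counter(int(IPv4Address(src)) >> 24
                     for src, qname in queries if qname == top_name)
    total = sum(octets.values())
    entropy = -sum(c / total * math.log2(c / total) for c in octets.values())
    spread = entropy / 8.0  # log2(256) = 8 bits means a perfectly even spread
    return {
        "qname": top_name,
        "share": round(share, 3),
        "distinct_slash8": len(octets),
        "spread": round(spread, 3),
        "suspicious": share >= share_min and spread >= spread_min,
    }

def constructed_samples(seed=1):
    """Constructed data: a normal window and the same window plus a flood."""
    rng = random.Random(seed)
    # Normal load: a handful of resolvers asking for many different names.
    resolvers = ["192.0.2.10", "198.51.100.7", "203.0.113.53", "192.0.2.77"]
    normal = [(rng.choice(resolvers), f"host{rng.randrange(400)}.example.")
              for _ in range(2000)]
    # Flood: one name, source addresses drawn uniformly from the IPv4 space.
    flood = [(str(IPv4Address(rng.getrandbits(32))), "flood-target.example.")
             for _ in range(8000)]
    return normal, normal + flood

if __name__ == "__main__":
    normal, attacked = constructed_samples()
    print("normal  :", analyze_window(normal))
    print("attacked:", analyze_window(attacked))
```

Because the sources are spoofed, a result like this identifies the targeted name and the time window, not the origin of the traffic.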

This is how the attacks were discovered:

Visibility of this event came about as a result of health monitoring by DNS root name server operators and other monitoring projects around the Internet. Often these are in the form of “strip chart” graphics showing response time variance of a periodic simple query against some set of servers, including DNS root name servers. Such test traffic may not be indicative of what happens to normal traffic or user experience.

The good news is that no severe damage was done. The two DDoS attacks mainly led to a delay for some users making DNS queries through their browsers, FTP (File Transfer Protocol), and SSH (Secure Shell).
Due to the intertwined DNS structure, when one server isn’t responsive, other servers step in and supply a DNS query result.

How to reduce the risk of DDoS attacks?

This is the advice given by RootOps:

Source Address Validation and BCP-38 should be used wherever possible to reduce the ability to abuse networks to transmit spoofed source packets.

Milena Dimitrova