Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Avoiding dns amplification attacks

1,058 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Avoiding dns amplification attacks

  1. 1. Avoiding DNS amplification attacks
  2. 2. Who am I?  @deassain  Security Advisor at a Big 4 company  security.stackexchange.com contributor  cloud101.eu
  3. 3. What is DNS amplification?  Distributed Denial of Service Attack  Abusing flaw in the DNS protocol's architecture  Spamhaus 300 Gbit/s
  4. 4. Reasons  DNS request vs DNS response (UDP)  Open resolving name servers  No implementation of BCP38
  5. 5. DNS Request vs Response Size  30 byte request → up to 500 byte response  1 Mbit on your machine → 17 Mbit at the target machine  Amplification
  6. 6. Open resolvers  Resolves DNS queries for any host  Spoof UDP source to target IP address  Tons of DNS responses end up at the target  Get your machines and disable recursion from the internet! (or the crypto bear will kick your ass )
  7. 7. BCP38: Ingres Filtering  Works for IPv4  http://tools.ietf.org/html/rfc2827  Upstream providers only allow traffic for IP blocks for which their clients are configured  Cooperation between ISPs

×