You are troubleshooting an outage of your employer's website. During the investigation you learn that a large-scale DDoS attack is causing widespread Internet disruption. Attackers are sending small DNS queries to open resolvers while spoofing the source IP address of the target. The resolvers reply with much larger responses that are directed at the spoofed address, overwhelming the victim's infrastructure. What type of attack is being carried out?
This is a DNS amplification (or reflection) attack. The attacker forges the victim's IP address in many small UDP-based DNS requests sent to open resolvers. Each resolver responds with a much larger packet, multiplying the traffic aimed at the victim and quickly exhausting bandwidth and processing capacity. DNS and NTP are among the protocols most frequently abused for this form of volumetric DDoS.