We’ve previously discussed the recent massive DDoS attacks that were directed at the Spamhaus spam monitoring service, and which used open DNS resolvers to amplify their available bandwidth. We issued a call for ISPs, hosting companies, and others in the industry to do all they can to reduce the number of open recursive DNS resolvers on the Internet, but there are additional steps that can be taken to severely restrict the potential means of attack available.
DNS amplification DDoS attacks work by prompting open DNS servers to direct large amounts of data at a target other than the actual originator of the request. To do this, request packets are crafted with a spoofed source IP. Responses are sent to the spoofed target address, and so, with a script and a relatively small amount of bandwidth, attackers can direct overpowering floods of data at their target.
Cutting attackers off by removing the open DNS servers is the optimal solution, but preventing packets with spoofed IPs from ever entering target networks will also help mitigate attacks.
Click fraud is the bane of the advertising industry. Publishers depend on display advertising to generate revenue. By displaying relevant advertising, they hope to encourage their users to click through to the advertiser’s landing page. Each such click is registered by the advertising network, and the network and publisher share the advertiser’s payment between them.
Determining whether a click on an advert was generated by a human is both difficult and essential. Advertisers don’t want to pay for clicks from sources that are never going to purchase their products. For advertising networks and publishers, however, there is an incentive to increase click-through by whatever means they can. One of the most popular methods of generating fraudulent clicks is through the use of botnets, and in a recent announcement, Spider.io, an analytics company, reported its discovery of one such botnet that was targeting a group of 200 sites.
Reston, VA, April 2, 2013 – DNS Made Easy, the leading provider of anycast managed DNS hosting, has requested that all responsible members of the Internet community make a concerted effort to close down the open DNS recursive resolvers that are frequently used for packet amplification distributed denial of service (DDoS) attacks.
An open DNS resolver is a server that accepts Domain Name System requests from clients outside of its administrative domain, meaning that any machine connected to the Internet can make a DNS request of these resolvers. The originating IP of the request can be spoofed so that responses are sent to the attack’s target rather than the originator of the request.
It’s been a hectic few weeks in the DNS world, with DNS being brought into the mainstream media for all the wrong reasons. We’ve dealt with the enormous DDoS attacks that leverage open DNS resolvers elsewhere on this blog, so in our roundup of the month’s most interesting content, we’ll highlight other news that may have passed you by.