DDoS attack on Time Warner Cable’s DNS Servers

By dannya at 11:44 pm on March 10, 2009

At the end of February, a distributed denial of service (DDoS) attack on Time Warner Cable’s DNS servers severely impacted subscribers’ connections for over a week. According to TWC, the problems were supposedly localized to Southern California. Although DDoS attacks are commonly conducted against major ISPs, this attack had more impact and was harder to control. A new DNS DDoS technique that can produce more powerful DoS attacks was recently discovered: DNS amplification.

“This new tactic uses a very short query, asking simply the name servers for the ‘.’ domain [a single dot],” said Don Jackson, director of threat intelligence at network security provider SecureWorks. “This domain is the root server domain, so the answer is large [or long]. A list of all the root domain name servers is sent back in response.” If the source IP is spoofed to a target’s address, the target will receive all the responses from the DNS servers and will likely be brought down.
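The size mismatch described above can be measured from a resolver's own query log. The following is an added example, not code from the original post: it encodes the ‘.’ NS query to show how small it is, then flags source addresses that receive repeated, disproportionately large answers to it. The function names, thresholds, sample addresses and the 500-byte response size are assumptions made for illustration.

```python
import struct
from collections import defaultdict

QTYPE_A, QTYPE_NS = 1, 2

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query (RD flag set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (qname, qtype) for the first question of a DNS message."""
    pos, labels = 12, []          # the fixed header is 12 bytes
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype

def flag_reflection_targets(events, min_queries=3, min_ratio=10.0):
    """Map claimed source IP -> amplification ratio for repeated '. NS' queries."""
    stats = defaultdict(lambda: [0, 0, 0])   # queries, bytes in, bytes out
    for src, query, response_len in events:
        if parse_question(query) == (".", QTYPE_NS):
            s = stats[src]
            s[0] += 1
            s[1] += len(query)
            s[2] += response_len
    return {src: round(out / inn, 1)
            for src, (n, inn, out) in stats.items()
            if n >= min_queries and out / inn >= min_ratio}

# Constructed sample log: (claimed source IP, raw query, response size in bytes).
# The 500-byte response size is an assumed value, not a figure from the article.
ROOT_NS = build_query(".", QTYPE_NS)
SAMPLE_EVENTS = (
    [("198.51.100.7", ROOT_NS, 500)] * 4
    + [("192.0.2.10", ROOT_NS, 500),
       ("192.0.2.10", build_query("example.com", QTYPE_A), 45)]
)

if __name__ == "__main__":
    print(len(ROOT_NS), "byte query")
    print(flag_reflection_targets(SAMPLE_EVENTS))
```

A flagged address is the claimed source of the queries, which in a reflection attack is the victim rather than the sender, so the useful response on the resolver is to rate-limit or refuse these answers rather than to block that address.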

According to an Arbor Networks study, DDoS attacks doubled in bandwidth from 2007 to 2008.  Given the new DNS Amplification DDoS attack and the rate of DDoS growth, soon even major ISPs may be vulnerable to attack.

As a way to mitigate DNS server problems, users can switch to OpenDNS, which queries DNS servers other than the local ISP’s.

articles:
http://www.scmagazineus.com/NewstyleofDNSamplificationcanyieldpowerfulDDoSattacks/article/126839/
http://arstechnica.com/security/news/2009/02/time-warner-cable-blames-ddos-attack-for-spotty-service.ars
http://news.cnet.com/8301-1009_3-10093699-83.html?part=rss

Filed under: Current Events