DNSSEC used as a way to carry out DDoS attacks
A security bulletin published by Akamai earlier this month shows that the company has ‘observed and successfully mitigated a large number of DNS reflection and amplification DDoS attacks abusing a Domain Name System Security Extension (DNSSEC) configured domain’. According to TheRegister, DNSSEC uses larger than normal DNS responses as a way to add extra security; attackers can use flaws in the DNSSEC to use such extra large responses as a way to amplify the number of corrupted network packets their send to a certain server, making it possible to take servers offline. Experts say that, while DNSSEC is being used for such attack, the actual fault is in ‘systems generating traffic with spoofed IP addresses and networks allowing such traffic’, and ‘remote applications that will respond to requests coming from compromise hosts’.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.