TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

What Is a DNS Amplification Attack?

2019-07-26

ATT&CK techniques detected

14 predictions
T1498 Network Denial of Service
88%
“server is ever overloaded. in addition to the above, if the amount of incoming traffic is saturating the network connection, organizations should work closely with their isps to block traffic upstream. while isp solutions are often the cheapest, they are typically the least flexi…”
T1071.004 DNS
85%
“for anyone — including attackers. using these open resolvers, attackers can send many fake requests without raising any red flags. so, what’s next for attackers? amplification. remember, their goal is to turn relatively small dns requests into huge responses. a typical dns requ…”
T1498 Network Denial of Service
76%
“what is a dns amplification attack? introduction f5 labs attack series education articles help you understand common attacks, how they work, and how to defend against them. what is a dns amplification attack? a domain name system (dns) amplification attack is just one of many t…”
T1498 Network Denial of Service
64%
“cannot be defended against in the same way as traditional ddos attacks — for instance, by blocking specific source ip addresses — because the source traffic appears to be legitimate, coming from valid, publicly accessible dns resolvers. (blocking all traffic from open resolvers …”
T1498 Network Denial of Service
57%
“a certain size, they will get fragmented into smaller ones. either way, the net result of the attack is still the same — the victim’s system will still be overloaded because it must handle all of those fragmented packets and reassemble them. the other equally significant point …”
T1071.004 DNS
53%
“a weapon against a targeted victim’s website. the goal is to flood the website with fake dns lookup requests that consume network bandwidth to the point that the site fails. to understand how the attack works, let’s revisit at a high level how dns works. when a user types www…”
T1498.001 Direct Network Flood
48%
“server is ever overloaded. in addition to the above, if the amount of incoming traffic is saturating the network connection, organizations should work closely with their isps to block traffic upstream. while isp solutions are often the cheapest, they are typically the least flexi…”
T1498 Network Denial of Service
44%
“the freeway all at once completely impair the normal flow of traffic. a dns amplification attack uses different techniques to accomplish the same end goal of denying service. instead of thousands of cars flooding the freeway at one time, imagine six wide-load trucks traveling s…”
T1499 Endpoint Denial of Service
40%
“server is ever overloaded. in addition to the above, if the amount of incoming traffic is saturating the network connection, organizations should work closely with their isps to block traffic upstream. while isp solutions are often the cheapest, they are typically the least flexi…”
T1572 Protocol Tunneling
38%
“and more. suddenly, a 10-byte dns request could generate a response that’s 10, 20, even 50 times larger. figure 2. a specially crafted dns request could return a response that’s 100 times larger the role of udp in dns amplification attacks but, what’s still wrong with thi…”
T1071.004 DNS
38%
“and more. suddenly, a 10-byte dns request could generate a response that’s 10, 20, even 50 times larger. figure 2. a specially crafted dns request could return a response that’s 100 times larger the role of udp in dns amplification attacks but, what’s still wrong with thi…”
T1498.001 Direct Network Flood
38%
“what is a dns amplification attack? introduction f5 labs attack series education articles help you understand common attacks, how they work, and how to defend against them. what is a dns amplification attack? a domain name system (dns) amplification attack is just one of many t…”
T1557.001 Name Resolution Poisoning and SMB Relay
37%
“spoofing the source ip address in specially crafted dns requests, the attacker amplifies the response sent to the victim of course, to be successful, an attacker still needs to send multiple dns queries and likely will use multiple dns resolvers to carry out this attack. an advan…”
T1557.001 Name Resolution Poisoning and SMB Relay
33%
“the freeway all at once completely impair the normal flow of traffic. a dns amplification attack uses different techniques to accomplish the same end goal of denying service. instead of thousands of cars flooding the freeway at one time, imagine six wide-load trucks traveling s…”

Summary

Attackers use the Domain Name System (DNS) as a weapon against unsuspecting victims to bring down their websites.