Hackers are launching DDoS attacks by exploiting DNS vulnerability

Researchers have found a flaw in DNS protocol which can be used to launch DDoS attacks.

The attack is named NXNSAttack and the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to servers that are selected by attackers. This increase in queries can cause a large scale disruption of services.

Several of the companies in charge of the internet infrastructure, including PowerDNS, CZ.NIC (CVE-2020-12667), Cloudflare, Google, Amazon, Microsoft, Oracle-owned Dyn, Verisign, and IBM Quad9, have patched their software to address the problem.

A recursive DNS lookup takes place when a client requests for an IP address. DNS resolver keeps on looking for the IP in various servers till it finds the one who can return the correct IP linked. The NXNSAttack works by sending a request for an attacker-controlled domain to a vulnerable DNS resolving server, which would forward the DNS query to the attacker-controlled server.

Instead of returning addresses to the actual servers, the attacker-controlled authoritative server responds to the DNS query with a list of fake server names or subdomains controlled by the threat actor that points to a victim DNS domain.

The query is then forwarded to all nonexistent subdomains which cause a huge rise in traffic leading to denial of service. Using botnets along with this attacks can be lethal as the attacks can become highly scalable and can target a huge population.

NPAV recommends using updated DNS resolver software and keep on patching them as it can prevent such scenarios taking place.

Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *