Home routers are riding a wave of popularity because people have many devices to connect at home, and most of them use WiFi. In turn, these home routers make ISPs vulnerable to many risks, such as DNS-based DDoS attacks. According to Nominum, there has been a significant increase in the number of DNS-based DDoS amplification attacks on home routers. The attackers' objective is to generate as much traffic as possible so that the network gets choked and becomes inaccessible to its users.
Main points of research conducted by Nominum are as follows:
- Tens of millions of home routers (24 million) expose ISPs to DNS-based DDoS because of open DNS proxies.
- More than 5.3 million of these routers were used just in February 2014 for amplification attacks.
- DNS is the most popular and easiest method for amplification attacks.
- Attackers are constantly registering new domains just for amplification attacks.
Anatomy of a DNS-based DDoS attack. Credit: Nominum
The attacks hurt ISPs in many ways: they choke the bandwidth of the network; support costs increase as customers call in large numbers; the ISPs need to spend more money to retain their customers and upgrade their defenses; and the reputation of the ISP suffers.
Nominum suggests, in their own words, that the following measures be taken to thwart DNS-based DDoS attacks:
- New Best Practices are needed.
- Fine-grained rate limiting.
- Dynamic threat lists to eliminate queries to “purpose built” domains.
- Logging of DNS data for forensics and reporting.
- “Always on” display of key DNS data.
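As an added illustration (not Nominum's code and not a description of how ThreatAvert works), the sketch below applies three of the listed measures to a constructed resolver query log: a threat list, a per-client and per-domain rate limit, and an audit record for every decision. The log format, domain names, limits and function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample resolver query log: "<epoch_seconds> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
100 198.51.100.7 www.example.com. A
100 198.51.100.7 a1.amp-domain.test. ANY
100 198.51.100.9 x.bulk.example.net. ANY
100 198.51.100.9 y.bulk.example.net. ANY
100 198.51.100.9 z.bulk.example.net. ANY
101 198.51.100.9 w.bulk.example.net. ANY
102 198.51.100.9 mail.example.com. MX
not a log line
"""

THREAT_LIST = {"amp-domain.test"}  # constructed stand-in for a dynamic threat list


def base_domain(qname):
    """Last two labels of the name; a simplification (no public-suffix handling)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def apply_policy(log_text, threat_list, limit=2, window=1):
    """Return one (decision, reason, client, qname) audit record per input line."""
    counts = defaultdict(int)  # (client, base domain, window index) -> queries seen
    audit = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            audit.append(("SKIP", "unparseable", None, line))
            continue
        ts, client, qname = int(parts[0]), parts[1], parts[2]
        domain = base_domain(qname)
        if domain in threat_list:  # query for a listed "purpose built" domain
            audit.append(("DROP", "threat-list", client, qname))
            continue
        key = (client, domain, ts // window)  # limit applies per client AND per domain
        counts[key] += 1
        if counts[key] > limit:
            audit.append(("DROP", "rate-limit", client, qname))
        else:
            audit.append(("ALLOW", "ok", client, qname))
    return audit


if __name__ == "__main__":
    for record in apply_policy(SAMPLE_LOG, THREAT_LIST):
        print(*record)
```

Because the counter is keyed on client and domain together, the burst toward one domain is dropped while the same client's unrelated MX lookup still resolves.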
Nominum suggests their recently launched Vantio ThreatAvert to protect ISPs by maintaining an up-to-date database of malicious domains, called Nominum’s Global Intelligence Xchange (GIX), and through Precision Policies, which help identify and thus protect against the attack traffic.
“ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with ‘best in class’ GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic,” said Sanjay Kapoor, CMO and SVP of Strategy, Nominum.