Monday, July 7, 2008

DNS Attack (Packet Attack - Type 4)


The DNS attack is a special one. It is not as easily crafted as the others, and there aren't many tools readily available to the average script kiddie to construct such an attack. The DNS protocol is used for name resolution: 216.239.35.100 = google.com. Simple as that? Well, not really. A DNS attack is based on the fact that a DNS query takes very little data and bandwidth to create, but a DNS response is much bigger. This is what a DNS attack looks like:

10.10.10.10 = victim's IP

[dns query packet (who is google.com)] --> source IP is 10.10.10.10 --> [dns server]

[dns server] --> --> --> [dns response] [dns response] [dns response] --> [victim]

As you can see, the attack is sort of relayed from a legitimate DNS server. Although the DNS response packets are 'legit', there is a massive flood of them, because the DNS server that is sending them is a very good machine on a very good connection. The end user, most likely a home PC, gets flooded with these huge DNS response packets it never asked for.
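
From the victim's side, the sign of this attack is DNS responses that match no query the host ever sent. The following is an added example, not part of the original post: it reads the transaction ID and QR bit from each DNS header and counts unsolicited responses per server. The sample packets and the 192.0.2.53 server address are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_dns_header(payload: bytes):
    """Return (transaction_id, is_response) from the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit: 0 = query, 1 = response

def unsolicited_responses(packets, local_ip):
    """packets: iterable of (src_ip, dst_ip, udp_payload) in capture order.
    Returns {server_ip: [count, bytes]} for responses local_ip never asked for."""
    pending = set()                      # (server_ip, txid) of queries we sent
    flagged = defaultdict(lambda: [0, 0])
    for src, dst, payload in packets:
        try:
            txid, is_response = parse_dns_header(payload)
        except ValueError:
            continue                     # too short to classify, skip it
        if not is_response and src == local_ip:
            pending.add((dst, txid))
        elif is_response and dst == local_ip:
            if (src, txid) in pending:
                pending.discard((src, txid))   # answer to our own query
            else:
                flagged[src][0] += 1           # response nobody asked for
                flagged[src][1] += len(payload)
    return dict(flagged)

# Constructed sample traffic (not a real capture). 192.0.2.53 is a
# documentation-range address standing in for the DNS server.
def _hdr(txid, response):
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

VICTIM, SERVER = "10.10.10.10", "192.0.2.53"
SAMPLE = [
    (VICTIM, SERVER, _hdr(0x1111, False) + b"\x00" * 20),   # genuine query
    (SERVER, VICTIM, _hdr(0x1111, True) + b"\x00" * 100),   # its answer
] + [(SERVER, VICTIM, _hdr(0x2000 + i, True) + b"\x00" * 500) for i in range(3)]

if __name__ == "__main__":
    print(unsolicited_responses(SAMPLE, VICTIM))
```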
