
DNSSEC Reflection Presents Severe DDoS Risk

Posted on 8.18.2016

Neustar has released a research report detailing how the Domain Name System Security Extensions (DNSSEC) can be abused as an amplifier in distributed denial-of-service (DDoS) attacks.




The report revealed that, on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times. Amplification on that scale can cause a network service outage during a DDoS attack.

“DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,” said Joe Loveless, Director Product Marketing, Security Services, Neustar. “If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.”
