03 Apr 2014
Around 24 million home routers can expose ISP networks to DNS-based DDoS amplification attacks, according to a new study by DNS software vendor Nominum, reports threatpost.com.
The company said that more than 5 million home routers with open DNS proxies were used to generate malicious traffic in February of this year.
DNS amplification works because a small DNS query of a few dozen bytes can draw a response of several kilobytes; reflected off many open resolvers at once, these responses add up to gigabytes of unwanted traffic that crosses the ISP's network and temporarily disrupts its services, resulting in financial and reputational losses for the provider.
Since open DNS resolvers and proxies accept queries from any IP address, attackers (often using compromised servers) send queries with a forged source address, that of the victim, to the home routers' open DNS proxies. The proxies forward the queries to the ISP's resolvers, which answer them, and the proxies then relay the large responses to the forged source address, so the targeted website receives a flood of traffic it never requested.
“DDoS has always relied on address spoofing so anything can be targeted and traffic cannot be traced to its origin; but as with any exploit, attackers continuously refine their tactics,” Nominum said in its report.
ISPs can mitigate the problem by restricting their resolvers to answering only queries from their own customer IP ranges, and by blocking queries for the abused domains, identified by comparing them against a shared ISP database of attack domains.
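The reflection path and the two ISP-side controls described above, as an added worked example in Python (this is not code from the article or from Nominum's report): it builds the kind of small EDNS0 ANY query an amplifier wants, constructs a large TXT answer to measure the amplification factor, and applies a resolver policy that drops queries arriving from outside the ISP's customer ranges or asking for names on the shared attack-domain list. The IP ranges (TEST-NET blocks), the `.example` names, the record contents and the function names are all constructed for illustration.

```python
"""Model of DNS reflection via open proxies plus an ISP resolver policy.
Added example, not the article's or Nominum's code; all data is constructed."""
import ipaddress
import struct


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as DNS labels: b'\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Decode an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(name: str, qtype: int = 255, edns_udp_size: int = 4096, txid: int = 0x1234) -> bytes:
    """A UDP query with an EDNS0 OPT record advertising a 4096-byte buffer.
    This is the shape an amplification attack uses: qtype 255 (ANY) plus a large
    advertised buffer invites the biggest possible single UDP answer."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD set; 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)  # OPT RR: type 41, class = UDP size
    return header + question + opt


def parse_query(query: bytes):
    """Return (qname, qtype, advertised EDNS UDP size or None) for a query."""
    arcount = struct.unpack("!H", query[10:12])[0]
    qname, off = decode_name(query, 12)
    qtype = struct.unpack("!H", query[off:off + 2])[0]
    off += 4
    edns_size = None
    if arcount and off < len(query) and query[off] == 0:
        rrtype, rrclass = struct.unpack("!HH", query[off + 1:off + 5])
        if rrtype == 41:
            edns_size = rrclass
    return qname, qtype, edns_size


def build_response(query: bytes, txt_records) -> bytes:
    """Answer `query` with one TXT RR per string in txt_records (each <= 255 chars).
    Used only to produce a realistically large answer for the size comparison."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    qname_wire = query[12:qend]
    question = query[12:qend + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(txt_records), 0, 0)  # QR, RD, RA
    answers = b""
    for txt in txt_records:
        rdata = bytes([len(txt)]) + txt.encode("ascii")
        answers += qname_wire + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata  # TXT, IN, TTL 300
    return header + question + answers


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes the victim receives per byte the attacker sends, once the response is
    reflected by an open proxy to the forged source address."""
    return len(response) / len(query)


# Assumed ISP policy data: customer space (TEST-NET blocks) and the shared attack-domain list.
CUSTOMER_RANGES = [ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("198.51.100.0/24")]
SHARED_ATTACK_DOMAINS = {"amp-attack.example"}


def resolver_policy(src_ip: str, query: bytes, customer_ranges=CUSTOMER_RANGES, blocked=SHARED_ATTACK_DOMAINS) -> str:
    """Decide what the ISP resolver does with a query from src_ip:
    'drop-source' if the address is not a customer (this covers a forged address of an
    outside victim), 'drop-domain' if the name is on the shared list, else 'answer'."""
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in customer_ranges):
        return "drop-source"
    qname, _, _ = parse_query(query)
    qname = qname.lower().rstrip(".")
    if qname in blocked or any(qname.endswith("." + d) for d in blocked):
        return "drop-domain"
    return "answer"


if __name__ == "__main__":
    q = build_query("amp-attack.example")
    r = build_response(q, ["X" * 200] * 15)
    print(len(q), "byte query ->", len(r), "byte answer, factor %.1f" % amplification_factor(q, r))
    print(resolver_policy("192.0.2.1", q), resolver_policy("203.0.113.7", q))
```

Two caveats beyond what the article states: restricting the resolver to customer ranges does nothing against a forged source address that lies inside those ranges, which is why ingress filtering of spoofed sources at the network edge (BCP 38) is the companion control; and the policy only helps for queries that reach the ISP's resolvers, so the open proxy on the router itself remains the door that needs closing.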