A significant new Denial of Service (DoS) attack named DNSBomb has been identified, exploiting DNS queries and responses to overwhelm targeted systems. This attack repurposes standard DNS security mechanisms such as reliability enhancement, security protection, and query aggregation into powerful vectors. By accumulating low-rate DNS queries and amplifying them into large responses, DNSBomb creates short, high-volume bursts of traffic that overload the targeted systems. The attack’s potency was demonstrated across 10 mainstream DNS software, 46 public DNS services, and over 1.8 million open DNS resolvers, indicating its broad applicability and potential for disruption.
In technical evaluations, researchers found DNSBomb more powerful than previous DoS attacks like the Pulsating DoS Attack (Shrew Attack) proposed in 2003. The attack workflow involves accumulating DNS queries at low rates, amplifying them into larger responses, and then concentrating these responses into powerful bursts directed at the target. This method leverages DNS’s reliability mechanisms to deliver all packets simultaneously, resulting in intense pulsing DoS traffic.
For the DNSBomb attack to succeed, an attacker must be capable of IP spoofing. Current statistics suggest that a significant percentage of IPv4 and IPv6 addresses are vulnerable to such spoofing. By purchasing a domain and establishing a controlled nameserver, attackers can initiate DNS queries towards exploitable resolvers, affecting any server or IP address of their choosing. The detailed research paper provides extensive insights into the attack vector, techniques, and mitigation strategies.
Reference:
