Unit 7: DHCP, DNS, and Switch Attacks and Mitigations 7.1 DHCP, DNS, and Switch Attacks and Mitiga...

mac, 2022-06-30

>> On October 21st, 2016, a major company, Dyn, that's responsible for DNS services of hundreds of major websites, including PayPal, Amazon, Twitter, CNN, Fox News, GitHub, Visa, and more, was brought down by a distributed denial of service attack, as tens of millions of IP addresses sent DNS queries to Dyn servers, which brought them down. All of those sites, as well as others, through side effects, were brought down by nearly 100,000 IoT, Internet of Things, devices that were infected with malware and were part of the Mirai botnet. DDoS attacks on DNS servers to prevent FQDNs, Fully Qualified Domain Names, from being resolved into their corresponding IP addresses can be fatal for a company. The Dyn attacks cost the victim companies hundreds of millions of dollars as their sites were inaccessible, stopping incoming revenue.

Mitigating this DNS-focused DDoS attack involves knowing what your baseline of incoming queries should be, and then taking appropriate actions if that threshold is crossed. A UTM, Unified Threat Management, device, which performs many security functions, like network firewall, IDS/IPS, gateway anti-virus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and on-appliance reporting, would be a great asset in this case.

Mitigation can also be done by geographically distributing your authoritative DNS servers, since you'd be eliminating a single point of failure. As an added bonus, lookup time is improved for resolvers, since the DNS servers will be geographically distributed and closer to the actual resolvers. In fact, geographically distributing DNS servers that are authoritative is the reason why the 13 logical root name servers haven't been fully brought down by attempted DDoSes in any of the three major attacks on the root name servers: one in 2002, one in 2007, and the most recent one in 2015.

Over-provisioning your DNS servers by setting baselines and allocating resources higher than anticipated load is yet another due diligence act to try to thwart DDoS attacks directed at your DNS servers. So is using a cloud provider, like Dyn.
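The baseline-and-threshold mitigation the lecture describes, worked through as an added example (not part of the lecture or of any vendor product): per-minute query counts from a quiet training window set a threshold, and later minutes that exceed it are flagged. The log format (minute, source IP, queried name) and the sample traffic are constructed for the example; the distinct-source count is reported because a botnet-sized flood like Mirai spreads the load over many clients, so per-client rate limits alone would not trigger.

```python
import statistics
from collections import defaultdict


def bucket_queries(lines):
    """Group query log lines "<minute> <src_ip> <qname>" by minute.

    Returns {minute: (query_count, distinct_source_count)} in time order.
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        minute, src, _qname = line.split()
        minute = int(minute)
        counts[minute] += 1
        sources[minute].add(src)
    return {m: (counts[m], len(sources[m])) for m in sorted(counts)}


def baseline_threshold(training_counts, k=3.0, min_floor=1.5):
    """Threshold = mean + k * stdev of the training window, but never below
    min_floor * mean so a very steady baseline does not produce a hair-trigger."""
    mean = statistics.mean(training_counts)
    stdev = statistics.pstdev(training_counts)
    return max(mean + k * stdev, min_floor * mean)


def detect_query_flood(lines, training_minutes):
    """Learn the baseline from the first training_minutes buckets, then flag
    every later minute whose query count crosses the threshold."""
    buckets = bucket_queries(lines)
    minutes = list(buckets)
    training = [buckets[m][0] for m in minutes[:training_minutes]]
    threshold = baseline_threshold(training)
    alerts = []
    for m in minutes[training_minutes:]:
        count, distinct = buckets[m]
        if count > threshold:
            alerts.append({"minute": m, "queries": count,
                           "distinct_sources": distinct,
                           "threshold": round(threshold, 1)})
    return alerts


def constructed_log():
    """Constructed sample (not real traffic): five quiet minutes from four
    resolvers, then one minute flooded by 60 distinct sources."""
    lines = []
    for minute, n in enumerate([10, 12, 11, 9, 13]):
        lines += [f"{minute} 192.0.2.{i % 4 + 1} www.example.com" for i in range(n)]
    lines += [f"5 203.0.113.{i + 1} www.example.com" for i in range(60)]
    return lines
```

With the constructed log, the five training minutes give a threshold of 16.5 queries per minute and minute 5 is flagged with 60 queries from 60 distinct sources; in practice the action taken on an alert (diverting to an over-provisioned or anycast pool, enabling response rate limiting) is the operator's decision, not the detector's.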

Reposted from: https://www.cnblogs.com/sec875/articles/10028796.html
