5 Common DNS Attacks

lindsey orrick / 12.17.18

Domain Name System (DNS) security directly affects both end users and service providers: because the system is critical to nearly every other Internet service, it is a sought-after target for anyone attempting to compromise or disrupt those services through DNS attacks.

DNS is the Internet directory that translates domain names and URLs into IP addresses, and it is a critical component of how users reach the vast number of resources at their fingertips. DNS is deployed as a hierarchy: root-level DNS servers delegate to the top-level domains, top-level domains to the domains below them, and so on. Depending on how an organization implements DNS, it may manage, and be responsible for, a DNS subdomain of its own.

A 2018 survey by EfficientIP of 1,000 security and IT professionals found that 77% of organizations were subject to a DNS-based attack, and the average cost of downtime, response, and business loss due to a DNS attack was $715,000.  

Common DNS Attacks noted by Infoblox include:

  1. TCP SYN Flood Attacks – A DDoS DNS attack that floods the DNS server with new TCP connection requests, typically leaving “hanging” (half-open) connections, until the target machine fails.
  2. UDP Flood Attacks – A DDoS DNS attack that sends a large number of UDP packets to random ports on the targeted host to confuse or overwhelm it until it fails.
  3. Spoofed Source Address/LAND Attacks – A DDoS DNS attack that sends a spoofed TCP or UDP packet to an open port with the target host’s own IP address as both source and destination. The attack works because it causes the machine to reply to itself continuously, making it effectively unavailable to other applications.
  4. Cache Poisoning Attacks – A core DNS attack that poisons a resolver’s DNS cache, typically in order to redirect legitimate requests to malicious websites.
  5. Man in the Middle Attacks – A core DNS attack in which a compromised machine on the network penetrates and takes over the entire DNS structure and then routes legitimate requests to malicious websites.
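The three DDoS patterns above (SYN flood, UDP flood, LAND) each leave a recognisable signature in packet headers. The following is an added example, not code from the original post or from Infoblox, that runs simple detection heuristics over a constructed set of packet records. The `Packet` class, the thresholds, and the addresses (RFC 5737 documentation ranges) are all assumptions chosen for the illustration; a real deployment would feed these functions from a capture or a flow log and tune the thresholds to its own traffic.

```python
# Added example (not from the original post): simple detection heuristics for the
# three DDoS patterns listed above, run over a constructed set of packet records.
# Addresses are from the RFC 5737 documentation ranges; thresholds are illustrative.
from collections import Counter, defaultdict
from dataclasses import dataclass

DNS_PORT = 53
SYN_THRESHOLD = 5   # half-open SYNs from one source before we flag it (assumed)
UDP_THRESHOLD = 5   # distinct destination ports hit by UDP from one source (assumed)


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags: "S" = SYN, "A" = ACK (ignored for UDP)


def detect_land(packets):
    """LAND: a spoofed packet whose source and destination address and port are the target's own."""
    return [p for p in packets if p.src == p.dst and p.sport == p.dport]


def detect_syn_flood(packets, threshold=SYN_THRESHOLD):
    """TCP SYN flood: a source sends many SYNs to the DNS port and never sends the ACK
    that would complete the handshake, leaving half-open ("hanging") connections."""
    syns = Counter()
    completed = set()
    for p in packets:
        if p.proto != "tcp" or p.dport != DNS_PORT:
            continue
        if p.flags == "S":
            syns[p.src] += 1
        elif p.flags == "A":
            completed.add(p.src)
    return {src: n for src, n in syns.items() if n >= threshold and src not in completed}


def detect_udp_flood(packets, threshold=UDP_THRESHOLD):
    """UDP flood: one source sprays UDP at many distinct (random) ports on the same host.
    Normal DNS clients only ever talk to port 53, so they hit a single port."""
    ports = defaultdict(set)
    for p in packets:
        if p.proto == "udp":
            ports[(p.src, p.dst)].add(p.dport)
    return {pair: len(ps) for pair, ps in ports.items() if len(ps) >= threshold}


# Constructed traffic sample: TARGET is the DNS server, CLIENT a legitimate resolver,
# ATTACKER the flood source.
TARGET, CLIENT, ATTACKER = "203.0.113.10", "192.0.2.5", "198.51.100.7"
SAMPLE = (
    # six half-open SYNs from the attacker
    [Packet("tcp", ATTACKER, 40000 + i, TARGET, DNS_PORT, "S") for i in range(6)]
    # a legitimate client that completes its handshake
    + [Packet("tcp", CLIENT, 51000, TARGET, DNS_PORT, "S"),
       Packet("tcp", CLIENT, 51000, TARGET, DNS_PORT, "A")]
    # one LAND packet: target address and port as both source and destination
    + [Packet("tcp", TARGET, DNS_PORT, TARGET, DNS_PORT, "S")]
    # attacker spraying UDP at six random ports, plus one normal UDP query
    + [Packet("udp", ATTACKER, 40000, TARGET, 1000 + i) for i in range(6)]
    + [Packet("udp", CLIENT, 51001, TARGET, DNS_PORT)]
)


def run_detections(packets=SAMPLE):
    """Return a summary of every pattern found in the packet list."""
    return {
        "land": [(p.src, p.sport) for p in detect_land(packets)],
        "syn_flood": detect_syn_flood(packets),
        "udp_flood": detect_udp_flood(packets),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(f"{name}: {hits}")
```

Note that the single LAND packet also registers as one SYN from the target's own address; it stays below the SYN threshold, which is the point of keeping the two checks separate. The LAND check is the one that should never fire on legitimate traffic, so it needs no threshold at all.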

Managing a DNS system for your organization can be a daunting task given the security requirements that must be implemented. Fortunately, most of these attacks can be mitigated with proper technologies and configurations that guard against them.  
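For the cache poisoning case in particular, the configuration-level mitigation is the set of checks a caching resolver applies before it trusts a reply. The following is an added example, not code from the original post, that models those checks over simplified query and reply records: the reply must come from the server we queried, to the randomized source port we used, with the transaction ID and question we sent, and only records whose owner name lies inside the queried zone (in bailiwick) are cached. The `Query` and `Reply` shapes and the sample values are assumptions constructed for the illustration.

```python
# Added example (not from the original post): the acceptance checks a caching resolver
# applies to an incoming reply before caching it. A forged reply that fails any of the
# matching checks is dropped, and records outside the queried zone (out of bailiwick)
# are discarded even when the reply otherwise matches. Query/reply shapes are simplified.
from dataclasses import dataclass


@dataclass
class Query:
    txid: int        # 16-bit transaction ID chosen at random by the resolver
    src_port: int    # randomized UDP source port the resolver sent from
    server: str      # address of the server the query went to
    zone: str        # zone that server is authoritative for (bailiwick)
    qname: str
    qtype: str


@dataclass
class Reply:
    txid: int
    dst_port: int
    src_ip: str
    qname: str
    qtype: str
    records: list    # (owner_name, rrtype, value) from answer/authority/additional


def in_bailiwick(name, zone):
    """True when name equals the zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def validate_reply(q, r):
    """Return a list of reasons to reject the reply; an empty list means it matches our query."""
    reasons = []
    if r.src_ip != q.server:
        reasons.append("source address is not the server we queried")
    if r.dst_port != q.src_port:
        reasons.append("destination port does not match our source port")
    if r.txid != q.txid:
        reasons.append("transaction ID mismatch")
    if (r.qname.lower(), r.qtype) != (q.qname.lower(), q.qtype):
        reasons.append("question section does not echo our question")
    return reasons


def cacheable_records(q, r):
    """Records the resolver may cache: None if the reply is rejected outright,
    otherwise only the records whose owner name lies inside the queried zone."""
    if validate_reply(q, r):
        return None
    return [rec for rec in r.records if in_bailiwick(rec[0], q.zone)]


# Constructed scenario: the resolver asks example.com's server for www.example.com A.
QUERY = Query(txid=0x1A2B, src_port=43210, server="192.0.2.53",
              zone="example.com", qname="www.example.com", qtype="A")

# Genuine reply: matches on every field and every record is inside example.com.
GENUINE = Reply(0x1A2B, 43210, "192.0.2.53", "www.example.com", "A",
                [("www.example.com", "A", "203.0.113.80")])

# Forged reply that guessed the txid but not the randomized port: must be dropped.
FORGED = Reply(0x1A2B, 53, "192.0.2.53", "www.example.com", "A",
               [("www.example.com", "A", "198.51.100.66")])

# Matching reply that carries an unrelated name in its additional section:
# the out-of-bailiwick record is discarded and the in-zone answer is kept.
SMUGGLED = Reply(0x1A2B, 43210, "192.0.2.53", "www.example.com", "A",
                 [("www.example.com", "A", "203.0.113.80"),
                  ("login.bank.example", "A", "198.51.100.66")])

if __name__ == "__main__":
    for label, reply in [("genuine", GENUINE), ("forged", FORGED), ("smuggled", SMUGGLED)]:
        print(label, validate_reply(QUERY, reply) or "ok", cacheable_records(QUERY, reply))
```

The port and transaction ID checks are what source-port randomization buys: a forger has to guess both values inside the round-trip window. The bailiwick check is independent of that race and is what stops a matching reply from planting records for names the queried server has no authority over. Counting rejected replies per upstream server is also a cheap detection signal for an attempted poisoning.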

Amazon Web Services offers services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS Web Application Firewall, which help create a dynamic barrier to defend your hosted infrastructure.

DNS configuration standards, including CIS Benchmarks and DISA STIGs, along with other AWS best practices, provide an accessible path to security and can be implemented to limit exposure. Adherence to the principles in those configuration best practices can now be monitored using Halo Cloud Secure’s newest integrations with Amazon Route 53.

Learn more about how Halo Cloud Secure can give you security visibility into your inventory of DNS and help you figure out your external domain exposures. Read our AWS solutions here, or request a customized demo.