A team of researchers from Tsinghua University has unveiled DNSBomb, a novel and potent Denial of Service (DoS) attack that exploits DNS queries and responses.
The findings, presented at the prestigious IEEE Symposium on Security and Privacy (Oakland S&P ’24) in San Francisco, have sent ripples through the cybersecurity community.
DNSBomb represents a significant advancement in DoS attack techniques, leveraging the recursive nature of DNS resolvers to amplify traffic exponentially.
The attack can generate traffic flows of up to 8.7 Gbps, potentially overwhelming targeted infrastructure such as DNS servers and Content Delivery Networks.
Key features of the DNSBomb attack include:
1. Recursive DNS Reflection: Attackers can reflect malicious DNS queries off DNS resolvers across the network.
2. Traffic Amplification: The recursive nature of the queries allows for massive traffic amplification.
3. IP Spoofing: The attack involves IP-spoofing multiple DNS queries to a domain controlled by the attacker.
The research has garnered significant attention, with over 40 news outlets covering the discovery, including The Hacker News, Cyber Security News, and dns-operation.
In response to this threat, the cybersecurity community is mobilizing.
Twenty-four vendors, including maintainers of popular DNS software like BIND, Unbound, PowerDNS, and Knot, have acknowledged the issue and are working on code fixes.
Ten CVE-IDs have been allocated for vulnerabilities discovered during this research.
Experts recommend several defensive measures:
- Implementing rate limiting and filtering on DNS queries
- Hardening the security of DNS resolvers
- Regularly updating and patching DNS software
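The first recommended measure, rate limiting on DNS queries, can be illustrated with a per-client token bucket. The block below is an added example written for this article; it is not code from the Tsinghua researchers or from any of the DNS vendors named above. It simulates a resolver front end that grants each source address a small burst allowance and a sustained query rate, drops anything beyond that, and reports which clients were throttled. The client addresses, domain names, timestamps and the rate and burst values are constructed sample data, not figures from the research.

```python
"""Per-client token-bucket rate limiting for DNS queries (added example).

Constructed simulation: a well-behaved client sends a handful of queries
spread over several seconds, while a second client fires a tight burst of
queries for one name. Each client gets its own bucket; queries are allowed
while the bucket holds at least one token and dropped otherwise.
"""
from collections import Counter


class TokenBucket:
    """Allows up to `burst` queries at once, refilling at `rate` tokens per second."""

    def __init__(self, rate: float, burst: float, now: float = 0.0):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # start full so a fresh client is never penalised
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, capped at the burst size.
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_limit_queries(queries, rate: float = 5.0, burst: int = 10):
    """Apply one bucket per client IP.

    `queries` is an iterable of (timestamp_seconds, client_ip, qname).
    Returns (allowed, dropped), each a list of the same tuples, in time order.
    """
    buckets = {}
    allowed, dropped = [], []
    for ts, client, qname in sorted(queries, key=lambda q: q[0]):
        bucket = buckets.get(client)
        if bucket is None:
            bucket = buckets[client] = TokenBucket(rate, burst, now=ts)
        (allowed if bucket.allow(ts) else dropped).append((ts, client, qname))
    return allowed, dropped


def throttled_clients(dropped):
    """Count dropped queries per client; useful as an alerting signal."""
    return dict(Counter(client for _, client, _ in dropped))


# Constructed sample traffic (RFC 5737 documentation addresses).
NORMAL_CLIENT = "192.0.2.10"
BURST_CLIENT = "203.0.113.7"
SAMPLE_QUERIES = [
    # One query per second from the normal client: well within the rate.
    (float(i), NORMAL_CLIENT, "www.example.com.") for i in range(6)
] + [
    # Forty queries within 40 ms from the bursting client, all for one name.
    (i * 0.001, BURST_CLIENT, "burst.example.net.") for i in range(40)
]

if __name__ == "__main__":
    ok, bad = rate_limit_queries(SAMPLE_QUERIES, rate=5.0, burst=10)
    print(f"allowed={len(ok)} dropped={len(bad)}")
    print("throttled clients:", throttled_clients(bad))
```

With a burst of 10 and a sustained rate of 5 queries per second, the normal client's six queries all pass, while the bursting client gets its first ten through and the remaining thirty dropped. In a real deployment the bucket would be keyed on the source address as seen by the resolver, so spoofed queries still consume the budget of the address they claim to come from; that is why the list pairs rate limiting with filtering rather than relying on either alone.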
As DNSBomb poses a significant threat to critical internet infrastructure, organizations are advised to stay vigilant and adopt robust defense strategies to protect their information systems.