Tag: DDoS Attack

What is a Recursive DNS server?

Martin Pramatarov / / DNS

When you browse the internet, you don’t write IP addresses to go to the pages you want; you just write the domain. In the “backstage”, every request that you do, passes through a DNS query. It first goes to your internet provider’s recursive DNS server. If it can’t find in the cache, the information needed, it will continue to other recursive servers until it gets to an authoritative DNS server who can give the IP address of the required domain. Basically, it is a name server, that is a middle-man between you, the user, and the authoritative DNS server.

Tasks of the recursive DNS server:

1. Checks if the IP address is stored in the cache memory. There is a certain period of time, pre-defined by the domain’s owner called Time to Live or TTL. It says for how long the recursive server can hold the information. If it is still there, it will return the answer fast and won’t take further actions.
2. Searches for the IP address elsewhere. If it is not in the cache, it will continue the searching process until it gets to an authoritative server which has the information.
recursive DNS server

Continue reading “What is a Recursive DNS server?”

Most significant DDoS attacks in the recent years

Martin Pramatarov / / DNS

DDoS attacks are getting stronger, and they happen more often every year. With the technology advance, there are many more connected devices out there. Billions of mobile phones and many “smart” connected gadgets are easily hackable. As IoT (internet of things) is getting more popular, but not secure enough, this danger will keep rising.

DDoS Attacks

Continue reading “Most significant DDoS attacks in the recent years”

DDoS amplification attacks by Memcached

Boyan Peychev / / DDoS
DDoS amplification attack
DDoS amplification attack

What is DDoS amplification attack?

These attacks usually use the UDP protocol. It is a simple connectionless communication model with a minimum of protocol mechanism. This means that one of the sides in the communication can send large amount to the other without restrictions. Without any confirmation and it doesn’t matter if the second side receive the data.

Due to the way the UDP protocol works, cyber-criminals use it to generate DDoS amplification attacks. The attacker sends a small UDP request with a spoofed IP address of the victim to public services.

The UDP protocol doesn’t require a connection verification between the parties. This is why the public services reply with the requested data to the IP address of the victim. As bigger is the data returned by exploited public service, bigger is the DDoS amplification factor.

In the past few years, hackers have exploited many public DNS resolvers and NTP servers to generate massive DDoS attacks against popular websites and services. Continue reading “DDoS amplification attacks by Memcached”

What is backup DNS?

Martin Pramatarov / / DNS

DNS is the backbone of the internet. It connects all the users to the content they need. It is a constant exchange of information, but sometimes the DNS fails and this cause downtime. A blackout period that can be evaded by using a backup DNS.

Backup DNS

Backup DNS, also known as Secondary DNS or alternative DNS is a system of one or more DNS servers, who have a copy of the zone data (DNS records) of the Master (Primary) DNS server. It adds resilience, reduce the outage periods by answering requests even if the Master is down.

It is easy to set up, and it can save you tons of problems. If your Master DNS got damaged and lost the information, you would still have a copy in your Backup DNS.

backup DNS

 

What is the worst that can happen? Dyn DNS attack of 2016

Continue reading “What is backup DNS?”