{"id":384,"date":"2017-02-09T00:46:51","date_gmt":"2017-02-09T00:46:51","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=384"},"modified":"2017-02-09T00:46:51","modified_gmt":"2017-02-09T00:46:51","slug":"anatomy-of-an-attack-dns-amplification-2","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/anatomy-of-an-attack-dns-amplification-2\/","title":{"rendered":"Anatomy of An Attack \u2013 DNS Amplification"},"content":{"rendered":"<p><strong><em>Author: Vann Abernethy, Field\u00a0CTO<\/em><\/strong><\/p>\n<h4>Overview<\/h4>\n<p>DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of open recursive DNS servers.\u00a0 The DNS servers blindly respond to the request, sending the large DNS zone response to the attack target.<\/p>\n<h4>Victim of Attack Vector<\/h4>\n<p><span id=\"more-1538\"><\/span>As an example, a recent Spamhouse attack saw request data of roughly 36 bytes in length, while the response data was around 3000 bytes, meaning the attackers effectively amplified the bandwidth used by a factor of 100.\u00a0 Additionally, because the responses exceeded the MTU, the packets were fragmented and the required reassembly further exasperated the problem.<\/p>\n<h4>Remediation Recommendations<\/h4>\n<p>At its core, this style of attack is an IP spoofing attack.\u00a0 A good first step to protect yourself is to implement <a href=\"http:\/\/www.bcp38.info\/index.php\/Main_Page\">BCP38<\/a> (Best Common Practices) which helps cut down on IP spoofing.\u00a0 Additionally, recursive servers should be restricted to your enterprise (or at most, B2B customers), and authoritative servers should be configured to use DNS Response Rate Limiting.\u00a0 A final good step is to either to obtain a mitigation service or purchase equipment that provides purpose-built DDoS defense.\u00a0 Most commercial anti-DDoS services and equipment providers have advanced anti-spoofing technologies built in that act as a good catch-all for even the most sophisticated attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Author: Vann Abernethy, Field\u00a0CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of open recursive DNS servers.\u00a0 The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7803,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[6],"tags":[],"class_list":["post-384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emergency-response"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Author: Vann Abernethy, Field\u00a0CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2017-02-09T00:46:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Author: Vann Abernethy, Field\u00a0CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minuto\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Anatomy of An Attack \u2013 DNS Amplification\",\"datePublished\":\"2017-02-09T00:46:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/\"},\"wordCount\":243,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/DNS1.jpg\",\"articleSection\":[\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/\",\"name\":\"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/DNS1.jpg\",\"datePublished\":\"2017-02-09T00:46:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/DNS1.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/DNS1.jpg\",\"width\":1920,\"height\":1357,\"caption\":\"Binary code on blue spheres, digital concept.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/anatomy-of-an-attack-dns-amplification-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Anatomy of An Attack \u2013 DNS Amplification\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS","og_description":"Author: Vann Abernethy, Field\u00a0CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS","og_url":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/","og_site_name":"NSFOCUS","article_published_time":"2017-02-09T00:46:51+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS","twitter_description":"Author: Vann Abernethy, Field\u00a0CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.\u00a0 The basic technique of a DNS","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"1 minuto"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Anatomy of An Attack \u2013 DNS Amplification","datePublished":"2017-02-09T00:46:51+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/"},"wordCount":243,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","articleSection":["Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/","url":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/","name":"Anatomy of An Attack \u2013 DNS Amplification - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","datePublished":"2017-02-09T00:46:51+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/02\/DNS1.jpg","width":1920,"height":1357,"caption":"Binary code on blue spheres, digital concept."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/anatomy-of-an-attack-dns-amplification-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Anatomy of An Attack \u2013 DNS Amplification"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=384"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/384\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/7803"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}