More than 24M home routers enabling DNS amplification DDoS attacks

April 3, 2014 – 4:58 PM

Tens of millions of the home routers we rely on everyday for internet access are enabling Domain Name System (DNS) based distributed denial-of-service (DDoS) attacks, and owners may never even know it, according to research by DNS software provider Nominum.

Working collaboratively with the Open Resolver Project, Nominum learned that open DNS proxies in more than 24 million home routers are allowing for DNS-based DDoS attacks, according to a Wednesday post, which adds that 5.3 million of the routers were used to generate attack traffic in February.

The DDoS attack in question is known as a DNS amplification attack, which essentially involves an attacker spoofing an IP address, sending small DNS queries to the internet service provider (ISP) that return large answers, and then sending those amplified answers to the target.

“It’s a really low bar in terms of sophistication and the capabilities that attackers need,” Bruce Van Nice, Nominum director of product marketing who headed up the research, told on Wednesday. “They just need to send DNS queries. They need to sit somewhere on the internet where they can spoof an IP address. It’s pretty easy to do.”

The issue with this particularly sneaky and effective attack is that most home routers are not provided by the ISPs, meaning the internet provider cannot access the device for preventive upgrades, Van Nice said, adding that the set it and forget it mentality of the consumer, and the lack of owner awareness of even an ongoing attack, compounds the problem.


You must be logged in to post a comment.