[pchelpers] Article:Why DNS Is Broken, Part 2: DoS Target

By Paul Parisi

Continuing from where we left off last time... Before we get into what
DNSSEC is and the benefits of it, let's talk about some of the other
potential pitfalls of DNS.

One of the most significant issues we have to deal with are
denial-of-service (DoS) attacks. While DoS attacks are not specific to
DNS we have seen DNS be a frequent target of these attacks. A DoS attack
is when hackers target your DNS server (or any resource) with a flood of
so much traffic that the server is unable to keep up and service
legitimate requests. Doing this to a DNS server is relatively easy and
rather difficult to prevent. Prevention is really only accomplished with
border devices such as firewalls which limit the number of connections
over time from any one source. However, it is much more difficult to
avoid when the attack is distributed. Most current attacks are
distributed. Hackers utilize armies of unsuspecting machines which have
been compromised, each to do just a little bit of work for them; it is
so little that it goes easily unnoticed.

More here:
http://www.circleid.com/posts/20090521_why_dns_is_broken_part_2_dos/
Part 1 here:
http://www.circleid.com/posts/20090408_why_dns_is_broken_part_1_trust/
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: