






Is your router being used for DDoS attacks?



DDoS is proliferating across the cyber landscape. This epidemic is causing trouble for web
hosts of all sizes. But did you know that you might be the unwitting accomplice for these
cyber crimes?



The Current State of DDoS

Distributed Denial of Service (DDoS) is an umbrella term that encompasses a wide variety of
cyber attacks. But they all share a basic goal: bring down or disrupt a target server by
inundating key systems and protocols with more information than they can handle.

Hackers are constantly upping the ante when it comes to DDoS. Just last month an NTP
DDoS attack reaching 400 Gbps sent shockwaves around the web. DDoS and other
malicious online behavior don’t look like they’re going anywhere soon.



DNS and Your Router


Another fashionable method making the hacker rounds is the DNS attack. DNS is essentially
the Internet’s version of a phone book, but instead of phone numbers it stores IP addresses.
DNS also does the job of translating IPs into domain names human users can intuitively
remember (with letters and words instead of numbers).

One domain might have many IPs. DNS also caches previous requests to reduce server
load and increase response times for users.

DNS amplification uses the way the protocol itself works to overwhelm target servers. This
method starts when a hacker sends a DNS request to a middleman server (not the target server).
DNS requests require about 60 kbs of data, but they may demand server responses of
approximately 4000 kb--a factor of nearly 70x.

By sending requests to middleman servers, and then directing the 4000 kb response to a
target, hackers create the data amplification they need to wreak havoc.

This process is repeated en masse using botnets, or infected computers. The result is a tidal
wave of simultaneous demands on a single server, sometimes reaching into the hundreds of
Gbps. Unprotected servers cannot keep up with the requests, and they crash.
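
Seen from the middleman server, the pattern described above looks like one address that appears to send many small requests, each drawing a very large response. The following is an added example, not part of the original article: it scans a resolver log for that pattern. The log format, field names, addresses, byte sizes and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical key=value log format (not from a real resolver).
SAMPLE_LOG = """\
t=1 client=192.0.2.10 qtype=A req_bytes=62 resp_bytes=78
t=1 client=198.51.100.7 qtype=ANY req_bytes=60 resp_bytes=4000
t=1 client=198.51.100.7 qtype=ANY req_bytes=60 resp_bytes=4000
t=2 client=192.0.2.11 qtype=AAAA req_bytes=64 resp_bytes=92
t=2 client=198.51.100.7 qtype=ANY req_bytes=60 resp_bytes=4000
t=2 client=198.51.100.7 qtype=ANY req_bytes=60 resp_bytes=4000
t=3 client=192.0.2.10 qtype=TXT req_bytes=66 resp_bytes=3100
t=3 client=198.51.100.7 qtype=ANY req_bytes=60 resp_bytes=4000
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"client=(\S+) qtype=(\S+) req_bytes=(\d+) resp_bytes=(\d+)")


def per_client_totals(log_text):
    """Sum query count and request/response bytes for each claimed source address."""
    totals = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        client, _qtype, req, resp = m.groups()
        entry = totals[client]
        entry["queries"] += 1
        entry["req"] += int(req)
        entry["resp"] += int(resp)
    return dict(totals)


def likely_reflection_targets(log_text, min_factor=20.0, min_queries=3):
    """Return {address: amplification factor} for sources that match the pattern.

    In a reflected attack the logged 'client' is really the target: it seems to
    send many small queries, and the large responses are delivered to it.
    """
    flagged = {}
    for client, t in per_client_totals(log_text).items():
        if t["req"] == 0:
            continue  # avoid dividing by zero on a bogus record
        factor = t["resp"] / t["req"]
        if t["queries"] >= min_queries and factor >= min_factor:
            flagged[client] = round(factor, 1)
    return flagged


if __name__ == "__main__":
    for addr, factor in likely_reflection_targets(SAMPLE_LOG).items():
        print(f"{addr}: responses are {factor}x the size of requests")
```

The single large TXT answer to 192.0.2.10 is not flagged because one big response is normal; it is the repeated, high-ratio traffic toward one address that marks a resolver being used as a middleman.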

Here is the million-dollar question: where are the hackers finding these ‘zombie’ botnets to
do their bidding? Well, you might not have to look further than the device in your hands.

Your computer may be infected right now with malware or Trojans that can execute DNS
amplification functions on your behalf. These viruses are difficult to detect; you may not even
realize they’re operating on your device until you run a virus scan.




28 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
