Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

DDoS fear as 24 million home routers fuel hidden DNS amplification attacks

John E Dunn | April 4, 2014
The spate of huge DNS DDoS amplification attacks of the last year probably had a previously undetected helping hand from millions of poorly-configured home routers, ISP security outfit Nominum has discovered.

Given the difficulty of remediating home routers whose owners can't easily be identified, Nominum's pragmatic alternative is to configure ISP-level DNS servers to drop this kind of traffic before it even gets to that level. Without this approach ISPs as well as targets would suffer the real consequences, he said.

The possibility that home routers could have been a hidden part of the DNS amplification DDoS phenomenon remains an intriguing story. If correct, the issue could be larger and harder to fix than experts have realised.

Amplification remains the new black for DDoS attackers, covering not only DNS but, more recently, a monster NTP attack on a customer of CloudFlare. For some reason, the attackers have it in for this relatively small but now quite famous firm or perhaps for its growing band of anxious customers.

Most home users will not find their routers behaving as DNS proxies but anyone that wants to check can test their device.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.