A new shift in distributed Denial of Service attacks (DDoS) was published by Prolexic. The toolbox DNS Flooder is sold on the market and allows malicious users to use the Toolkit's DNS servers to launch unintended attacks without the need to find open and vulnerable DNS servers on the Internet. This DDoS method allows malicious users to launch powerful cyber attacks without having to spend time and money on creating an army of bots with malware infections.
Prolexic's infographic explains how the DNS Flooder toolkit works:
- The toolbox falsifies the target IP address and creates a DNS request that is sent to the attacker's DNS botnet.
- Attacker DNS botnets return an extended DNS (EDNS) response. This EDNS response includes much more data than the original DNS request. In some cases, an extended response had amplification factors of up to 50 times the bandwidth of the first request. Because the IP address that usesin the request was spoofed, the response is reflected back to the attacker's target.
- The toolbox continues to do so many times, which reflects and enhances the response to the goal each time it is repeated.
For more information on how to stop DDoS attacks from DNS Flooder, visit her page Prolexic