Home / Industry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

New research by Nominum™, the innovation leader in DNS and Internet Activity applications for Communication Service Providers, today reveals evidence that DNS-based DDoS amplification attacks have significantly increased in the recent months, targeting vulnerable home routers worldwide. A simple attack can create 10s of Gbps of traffic to disrupt provider networks, enterprises, websites, and individuals anywhere in the world.

Nominum's latest research reveals:

  • More than 24 million home routers on the Internet have open DNS proxies which expose ISPs to DNS-based DDoS attacks
  • In February 2014, more than 5.3 million of these routers were used to generate attack traffic
  • During an attack in January 2014, more than 70% of total DNS traffic on a provider's network was associated with DNS amplification
  • DNS is by far the most popular protocol for launching amplification attacks, with more available amplifiers than the next four protocols combined

DNS amplification attacks require little skill or effort and cause major damage; this is the reason why they are increasingly popular. Because vulnerable home routers mask the target of an attack it is difficult for ISPs to determine the ultimate destination and recipient of huge waves of amplified traffic. Nominum recently launched Vantio ThreatAvert to address the gaps in existing ISP DDoS defenses. The solution leverages Nominum's Global Intelligence Xchange (GIX), a database of malicious DNS amplification domains that is continuously updated, and Precision Policies, which enable ISPs to pinpoint and neutralize attack traffic. Together they enable ISPs to protect their networks proactively.

Traffic from amplification amounts to trillions of bytes a day disrupting ISP networks, websites and individuals. The impact on ISPs is fourfold:

  • Network impact generated by malicious traffic saturating available bandwidth
  • Cost impact generated by a spike in support calls caused by intermittent service disruption
  • Revenue impact as poor internet experience leads to increased churn or retention expenses
  • Reputation impact as unwanted traffic is directed toward peers

"Existing in-place DDoS defenses do not work against today's amplification attacks, which can be launched by any criminal who wants to achieve maximum damage with minimum effort," explained Sanjay Kapoor, CMO and SVP of Strategy, Nominum. "Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies."

"ISPs today need more effective protections built-in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic. ThreatAvert combined with 'best in class' GIX portfolio overcomes gaps in DDoS defenses, enabling ISPs to constantly adapt as attackers change their exploits, and precision policies surgically remove malicious traffic."

More information about Nominum's solution to address DNS-based DDoS amplification attacks can be found here.

Nominum

About Nominum – Nominum is the innovation leader in DNS software and Internet Activity Applications. The company's Vantio™ CacheServe software powers the Internet for the world's largest CSPs in 40 countries. Vantio™ ThreatAvert software arms CSP's with the power to stop the spread of inside threats such as botnets and DNS-based DDoS amplification attacks that could impact network availability and reputation. Nominum's N2 applications enable CSP's marketing and customer care teams to leverage subscribers' Internet Activity to better engage, build brand loyalty, improve marketing ROI, and open up new business models. Nominum is a global organization headquartered in Redwood City, CA. Learn More

Related topics: Cyberattack, Cybersecurity, DDoS, DNS, DNS Security, Networks

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll