A Layer 3 DNS amplification attack is a type of Distributed Denial of Service (DDoS) attack that exploits vulnerabilities in the Domain Name System (DNS) infrastructure. The “Layer 3” designation refers to the network layer of the OSI model, where IP addresses operate.
How Layer 3 DNS Amplification Attacks Work
A Layer 3 DNS amplification attack proceeds in the following stages:
| Stage | Description |
| --- | --- |
| Amplification Factor | The attacker sends a relatively small number of DNS query requests to open DNS resolvers. These requests are crafted to generate much larger responses from the DNS servers. |
| Spoofing Source IP | The attacker typically spoofs (forges) the source IP address of the DNS query requests so that they appear to originate from the victim’s IP address. |
| Open DNS Resolvers | The attacker targets open DNS resolvers. These are DNS servers configured to respond to DNS queries from any source, rather than only to queries from within their own network. Open resolvers are often the result of misconfiguration and can be unwittingly used in amplification attacks. |
| Large Responses | Upon receiving the forged queries, the DNS resolvers return responses much larger than the original queries. The responses can be several times the size of the queries, so the attacker can generate a substantial volume of traffic with a relatively small number of requests. |
| Overwhelm the Target | The attacker directs these amplified DNS responses toward the victim’s IP address. Since the responses are much larger than the original requests, the victim’s network and infrastructure can become overwhelmed, leading to service degradation or downtime. |
The objective of a Layer 3 DNS amplification attack is to flood the target’s network with a massive volume of DNS response traffic, causing it to become overloaded and disrupting normal operations. This type of attack is effective because it allows the attacker to leverage the amplification properties of the DNS protocol and the misconfigurations of open DNS resolvers.
Mitigating Layer 3 DNS amplification attacks involves implementing measures such as rate limiting on DNS resolvers, configuring network filtering to block traffic from known malicious sources, and ensuring that DNS servers are properly configured to minimize their potential for abuse in amplification attacks.
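As an added illustration (not part of the original article and not NOC's code), the following resolver-side check reviews query records for the two conditions described above: queries answered for sources outside the networks the resolver is meant to serve, and a high response-to-query byte ratio per source. The served network, the record layout, the threshold and the sample records are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Assumption: the networks this resolver is meant to serve (documentation range).
SERVED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample records, not real traffic:
# (source IP as seen by the resolver, query bytes, response bytes)
SAMPLE_LOG = [
    ("192.0.2.10", 60, 92),
    ("192.0.2.11", 62, 120),
    ("203.0.113.7", 64, 3100),
    ("203.0.113.7", 64, 3050),
    ("203.0.113.7", 66, 2800),
    ("198.51.100.5", 58, 90),
]

def is_served(ip):
    """True if the source belongs to a network the resolver should answer."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SERVED_NETWORKS)

def summarize(log):
    """Total bytes received from and sent to each source address."""
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0})
    for src, query_len, response_len in log:
        stats[src]["bytes_in"] += query_len
        stats[src]["bytes_out"] += response_len
    return stats

def findings(log, min_factor=10.0):
    """Report sources that reveal open-resolver exposure or amplification."""
    report = []
    for src, s in sorted(summarize(log).items()):
        factor = s["bytes_out"] / s["bytes_in"]
        outside = not is_served(src)
        if outside or factor >= min_factor:
            report.append({
                "source": src,
                "outside_served_networks": outside,  # resolver answered a stranger
                "amplification_factor": round(factor, 1),
                # With spoofed queries, the "source" is the victim, not the attacker.
                "likely_reflection_target": outside and factor >= min_factor,
            })
    return report

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

Any entry with `outside_served_networks` set means the resolver is answering queries it should refuse; an entry that is also a `likely_reflection_target` is a candidate for response rate limiting toward that address.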
Organizations using NOC’s platform can mitigate Layer 3 attacks, including amplification attacks, with its Authoritative DNS and CDN technologies. Our technology stack leverages a distributed infrastructure, which includes advanced traffic management capabilities that come from our globally distributed network.