An attacker can send rogue DNS requests to a large number of open DNS resolvers and use spoofing to make it appear as if those requests originated from the target’s IP address. As a result, the resolvers will send their large responses back to the victim’s IP address instead of the sender’s address.
In addition to having an amplification effect, this technique makes it very hard for the victim to determine the original source of the attack and also makes it impossible for name servers higher up on the DNS chain that are queried by the abused open DNS resolvers to see the IP address of the victim.
via Open DNS resolvers increasingly abused to amplify DDoS attacks, report says – Computerworld.
Leave a Reply