DDoS Or Denial of Service Attacks

July 28, 2010 / General Discussion

Simply open your web browser and type any website address into it. The browser takes you to the exact page or information you are looking for. But how does this happen? How can the browser be sure that the information on this server is what the user needs? The browser knows because of the DNS – the Domain Name System.

The fact is, when you enter a domain name in the browser, it sends a request to a DNS server, which holds the lists of domain-to-IP-address mappings. Having looked up the IP address of that particular domain, the browser forwards the request to the specific web server where the website's data is stored; once the data is found, it is sent back to the browser, producing the page or information the user is seeking.

If that server does not hold a record for the domain name you entered, the query is passed on to a DNS server at a higher level, and so on, until a result is obtained. Now think about the damage that an attack on such a server might cause. That is why you need to know what attacks can be performed against this type of server. Let us take a real example of an attack that took place in the IT world. It was the most widely known attack, and it brought the greatest expense to owners and the greatest trouble to users.

It is a kind of attack that appears in almost every list of network attacks. Of course, this is the DDoS, or Distributed Denial of Service: an attack that puts the victim out of service. At first glance the Internet, unlike other networks, is immune, because it is global and, as a consequence, made up of fragmented components. But that is only at first glance, since the basis of this network is its "platform" components, which are its beginning and foundation. Consequently, knocking these components out of operation promises, if not the collapse of the network, then serious trouble for certain.

In the domain name system there are a total of 13 root name servers.

These root name servers have the status of top-level DNS servers. They hold the largest database and are the starting point of the whole system. Ten of these servers are located in the United States of America. To protect them from physical interference, their locations are, unfortunately, kept secret.

On October 21, 2002 there was a DDoS attack, for a very short period, aimed at ten of the thirteen root name servers. The attack lasted about an hour. The maximum overload of a single server, as identified by monitoring during the attack, was found to be 40, that is, 40 times more traffic than the server could handle. Naturally, after such an incident the entire community looked to the FBI, which tried to get out of a scrape with the statement that "hackers used a sophisticated method of attack." In fact, it was nothing more than an ordinary DDoS attack.

Of course, one hour of attack did not cause much damage. But it made clear that not everything is as rosy as it seems, because the attack was sustained.

Had it lasted five hours or so, the losses would have been reckoned in billions. Why did the one-hour attack not produce big losses? Because DNS servers habitually record information in their cache. It is this fact that helped in this situation: the servers at the levels below the attacked ones held out for that hour on their cache and did not have to perform queries against the root. Therefore, the changes were not visible to ordinary users of the network.

One method of DoS against the DNS can be a stream of AXFR (Asynchronous Full Transfer Zone) queries. Some of the root DNS servers contain hundreds of thousands of records on servers in their zone of responsibility. Any user who sends an AXFR query to such a DNS server can obtain all of this information. Fortunately, none of the servers for the .com, .org, .edu, .net, .mil and .gov domains allow AXFR queries.

However, a wide range of domains is much more vulnerable: .ar, .au, .bg, .cu, .cz, .ee, .eg, .es, .fi, .hu, .il, .in, .it, .my, .no, .pk, .se, .sg, .tr, .ua, .za and .ru. If you are using a BIND server (versions 8 and 9), the solution to the problem of AXFR queries is the mechanism that limits AXFR transfers: the allow-transfer option.
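As an added example (not the post's own configuration), here is what that allow-transfer restriction looks like in a BIND 9 named.conf: the weak zone definition first, then the corrected one. The zone name, zone file path and secondary server addresses are assumed placeholders; use one of the two zone blocks, not both.

```conf
// Added example for BIND 9, not from the original post.
// "example.test", the file path and the addresses are placeholders.

// Weak: any client may request a full zone transfer (AXFR) and pull
// every record in the zone, and a stream of such requests is cheap for
// the requester but expensive for the server.
zone "example.test" {
    type master;
    file "/etc/bind/db.example.test";
    allow-transfer { any; };
};

// Corrected: default-deny transfers globally, then permit AXFR only for
// the secondary name servers that actually need the zone.
options {
    allow-transfer { none; };
};

acl "secondaries" {
    192.0.2.53;      // placeholder secondary (IPv4)
    2001:db8::53;    // placeholder secondary (IPv6)
};

zone "example.test" {
    type master;
    file "/etc/bind/db.example.test";
    allow-transfer { secondaries; };   // overrides the global "none"
};
```

After editing, run `named-checkconf` to validate the syntax and reload BIND; an AXFR request for the zone from a host outside the acl should then be refused (dig reports "Transfer failed."), while the listed secondaries still transfer normally.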

Such is the history of DNS servers suffering an ordinary DDoS attack. Thus, the DDoS attack is at the top of our list of possible attacks.