Make your DNS server smarter to block DNS-based DDoS amplification attacks.
CHALLENGE: Network flooded by
D
DoS Amplification Attacks- Tens of millions of home routers expose provider networks to DNS-based DDoS
- Stealthy, low-skill attack evades existing defenses and Best Practices
- Attackers constantly register new “purpose built” domains only for amplification
- Substantial network impact: DNS servers, access networks, peering and transit
- Subscriber-perceptible attacks spike support calls, reduce satisfaction, stress ops teams
Anatomy of a DNS-based DDoS attack
SOLUTION: Effective DNS DDoS defense
Nominum blocks DNS-based DDoS attacks at the DNS server-level
- New Best Practices are needed
- Fine-grained rate limiting
- Dynamic threat lists to eliminate queries to “purpose built” domains
- Logging of DNS data for forensics and reporting
- “Always on” display of key DNS data
WHY NOMINUM? Prevent DDoS attacks before they start ?
http://nominum.com/ddos-amplification-attacks/?gclid=CJLm6IDV0L0CFYVZpQodSmkA5g
No comments:
Post a Comment
Thanks for watching