Tuesday, May 24, 2005
DNS Servers are Under Fire
Broadband service providers on the alert with DNS attacks on the rise
Waterloo, Ontario; May 24, 2005 – The number and severity of DNS (Domain Name Service) server attacks have risen sharply on networks around the globe, as phishers, pharmers and other malicious code writers embrace the latest way to circumvent traditional forms of mitigation.
Sandvine, world leader in intelligent broadband management solutions for Internet service providers, has observed an increase in server attacks, particularly DNS attacks on broadband networks. DNS servers are suddenly overwhelmed by a glut of spoofed DNS requests and responses, causing the server to process requests more and more slowly until it eventually fails entirely – impacting subscribers’ ability to use the Internet for the duration of the attack.
Sandvine’s Security Operations Services team has identified increases where single attackers performed over 1000 times the normal number of lookups on a DNS server in a 12-hour period. These attackers are engaging in a form of DNS attack called DNS poisoning - the act of tainting the server’s cache with incorrect routing information so illegitimate sites appear in a browser despite a legitimate web address being requested.
One successful poisoning attempt could affect many thousands of users, and result in droves of subscribers being taken to exploitative sites that bilk them of their personal information, steal their identity, download malware (worms, spyware, adware, etc.) onto their computers, or bombard them with irrelevant advertisements - even though they typed the correct URL into their browser or followed the right hyperlink. Poisoning can be accomplished by individual computers or by networks of ‘zombie’ computers directly on the ISP’s network or spread around the world.
As threatening as DNS attacks and poisoning are to the personal-information integrity of subscribers, the damage is compounded for broadband service provider networks. DNS attacks are responsible for overwhelming DNS servers to the point of failure, causing massive, wide-scale service outages. This results in subscriber churn, destroys brand equity, and can cost millions in subscriber refunds, not to mention the substantial financial burden of trying to identify and alleviate the problem.
“Broadband service providers must protect their network and subscribers with multi-layered, network-based approaches,” said Don Bowman, VP, Consulting Systems Engineering, Sandvine Incorporated. “Attacks and malicious code are becoming more and more evasive and targeted. Service providers need to proactively monitor their networks for threats and respond in real-time to shut down these attacks.”
For a trend analysis on this Internet phenomenon, visit www.sandvine.com/solutions/snapshot_DNS_attack.asp