Prolexic Stops Massive DNS Reflection Attack


Distributed denial of service protection services provider Prolexic announced on Thursday it has successfully mitigated what it says is the “largest DNS reflection attack ever recorded,” which peaked at 167Gbps.

Prolexic says the attack, which was directed against a real-time financial exchange platform on May 27th, is the largest single DDoS attack the company has mitigated in its 10-year history.

The move comes a few weeks after Prolexic released its Quarterly Global DDoS Attack report for Q1 2013, a quarter that it says was defined by the increase in the targeting of Internet Service Provider and carrier route infrastructures.

“This was a massive attack that made up in brute force what it lacked in sophistication,” said Scott Hammack, CEO at Prolexic. “Because of the proactive DDoS defense strategies Prolexic had put in place with this client, no malicious traffic reached its website and downtime was avoided. In fact, the company wasn’t aware it was under attack.”

The DDoS mitigation for this attack was distributed across Prolexic’s four cloud-based scrubbing centers in Hong Kong, London, San Jose and Ashburn, Virginia, with its London center mitigating the majority of the malicious traffic.

The DNS Reflection Denial of Service technique exploits security weaknesses in the DNS Internet protocol: an attacker sends many spoofed queries to many public DNS servers.

The source IP address of each query is forged to be that of the attack's target. When a DNS server receives the forged request it replies, but the reply is directed to the forged source address; this is known as the reflection component.

The target of the attack receives replies from all the DNS servers that are used, making it extremely difficult to identify the malicious sources. If the queries generate larger responses, then the attack is said to have an amplifying characteristic.

Prolexic’s digital forensics confirmed that 92 percent of the machines participating in the attack were open DNS resolvers, sourcing from port 53, which represented a malformed DNS response.
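From the target's side, reflected traffic appears as DNS responses from source port 53 that answer no query the target ever sent. The following Python is an added example, not from Prolexic or the original article, showing that detection check; the packet record layout, addresses, sizes, and function names are constructed for illustration.

```python
import struct
from collections import namedtuple

# Constructed packet record: direction is "out" (sent by the protected host) or "in".
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port payload")

def dns_header(payload):
    """Return (txid, is_response) from a DNS message, or None if too short."""
    if len(payload) < 12:               # the DNS header is 12 bytes
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)   # QR bit: 1 = response

def find_unsolicited(packets):
    """Flag inbound UDP/53 responses that match no query the host sent."""
    pending = set()                     # (resolver_ip, local_port, txid)
    report = {"responses": 0, "bytes": 0, "sources": set()}
    for p in packets:
        hdr = dns_header(p.payload)
        if hdr is None:
            continue
        txid, is_response = hdr
        if p.direction == "out" and p.dst_port == 53 and not is_response:
            pending.add((p.dst_ip, p.src_port, txid))
        elif p.direction == "in" and p.src_port == 53 and is_response:
            key = (p.src_ip, p.dst_port, txid)
            if key in pending:
                pending.discard(key)    # legitimate answer to our own query
            else:                       # reflected: nobody here asked for it
                report["responses"] += 1
                report["bytes"] += len(p.payload)
                report["sources"].add(p.src_ip)
    return report

def msg(txid, response, size=12):
    """Build a constructed DNS message: real header, zero-padded body."""
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0).ljust(size, b"\x00")

HOST = "192.0.2.10"   # documentation address standing in for the protected host
SAMPLE = [            # constructed traffic: one real lookup, three reflected replies
    Packet("out", HOST, 40000, "198.51.100.1", 53, msg(0x1A2B, False, 40)),
    Packet("in", "198.51.100.1", 53, HOST, 40000, msg(0x1A2B, True, 120)),
    Packet("in", "203.0.113.5", 53, HOST, 80, msg(0x0001, True, 3000)),
    Packet("in", "203.0.113.6", 53, HOST, 80, msg(0x0002, True, 3000)),
    Packet("in", "203.0.113.5", 53, HOST, 80, msg(0x0003, True, 3000)),
]

print(find_unsolicited(SAMPLE))
```

The answer to the host's own lookup is matched and ignored, while the three large responses with no corresponding query are counted along with their byte volume and distinct source resolvers.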

The security provider recommends that all organizations proactively validate their DDoS mitigation service to reduce possible downtime, despite the size of the attack.

Prolexic has published a free white paper, “Planning for and Validating a DDoS Defense Strategy,” which maps out guidelines for protecting yourself against DDoS attacks.

Earlier this year, Prolexic launched a tool for the online security community to use for an instant snapshot of current global DDoS threats and activity.

Do you find Prolexic’s whitepapers helpful to the security of your hosting business? Have you experienced a DNS reflection attack on your business? Let us know in a comment.

One Comment

  1. 167GBPS??!? that's overkill at its finest lol. That finance company is lucky they had services in place to prevent the attack.