The number and severity of DNS (Domain Name Service) server attacks has risen sharply on networks around the globe, as phishers, pharmers and other malicious code writers embrace the latest way to circumvent traditional forms of mitigation.
Sandvine, a provider of intelligent broadband management products for Internet service providers, has observed an increase in server attacks, particularly DNS attacks on broadband networks. DNS servers are suddenly overwhelmed by a glut of spoofed DNS requests and responses, causing the server to process requests slower and slower until it eventually fails entirely, impacting subscribers’ ability to use the Internet for the duration of the attack.
Sandvine Security Operations Services team has identified increases where single attackers performed over 1000 times the normal amount of lookups on a DNS server in a 12-hour period. These attackers are engaging in a form of DNS attack called DNS poisoning – the act of tainting the server’s cache with incorrect routing information so illegitimate sites appear in a browser despite a legitimate web address being requested.
One successful poisoning attempt could affect many thousands of users, and result in droves of subscribers being taken to exploitive sites that bilk them of their personal information, steal their identity, download malware (worms, spyware, adware, etc.) onto their computers, or bombard them with irrelevant advertisements, even though they typed the correct URL into their browser or followed the right hyperlink. Poisoning can be accomplished by individual computers or by networks of ‘zombie’ computers directly on the ISP’s network or spread around the world.
As threatening as DNS attacks and poisoning are to the personal-information integrity of subscribers, the damage is compounded for broadband service provider networks. DNS attacks are responsible for overwhelming DNS servers to the point of failure, causing massive, wide-scale service outages. This results in subscriber churn, destroys brand equity, and can cost millions in subscriber refunds, not to mention the substantial financial burden of trying to identify and alleviate the problem.
“Broadband service providers must protect their network and subscribers with multi-layered, network-based approaches,” said Don Bowman, VP, Consulting Systems Engineering, Sandvine Incorporated. “Attacks and malicious code are becoming more and more evasive and targeted. Service providers need to proactively monitor their networks for threats and respond in real-time to shut down these attacks.”