Why is DNS still so abusable?

By | September 18, 2012
Why hasn't UDP undergone any serious revisions in a long time? DNS is fast and critical, and it is one of the Achilles' heels of the modern internet. You can forge DNS servers, overload them, or even take down large portions of the internet from lay access by attacking them. And as this article mentions, you can use a deflection attack to build a massive DDoS attack.

/via +Wayne Radinsky 

How to Launch a 65Gbps DDoS, and How to Stop One – CloudFlare blog
Yesterday I posted a post mortem on an outage we had Saturday. The outage was caused when we applied an overly aggressive rate limit to traffic on our network while battling a determined DDoS attacker…

5 thoughts on “Why is DNS still so abusable?”

  1. Sophie Wrobel

    +Paul Kelly IPv6 is a bit more than just that extra octet – it changes the security landscape of routing. I'm sure 'tweaking' DNS would be bigger, but at the same time not too unreasonable given the implications reliable and always online requirements on cloud computing have – and more and more critical systems being set into the cloud. Or everyone important builds their own custom DNS to insulate themselves, which would be rather counter-productive as that's not the idea of a standard.

  2. Paul Kelly

    What a massive undertaking it would be to overhaul DNS! Just look at IPv6 – and all they did there was add an octet!
    Interesting thought though..
