Friday, July 3, 08:02

New vulnerabilities in DNS servers can be used for large-scale DDoS attacks

A team of academics from Israel has released details of NXNSAttack, a new vulnerability in DNS servers that can be used for large-scale DDoS attacks. According to the researchers, NXNSAttack affects recursive DNS servers and the DNS delegation process. Recursive DNS servers are DNS systems that pass DNS queries upstream so that a domain name can be resolved and converted into an IP address. These conversions are performed by authoritative DNS servers, which hold a copy of the DNS record and are authorized to resolve it. However, as part of the safety mechanisms of the DNS protocol, authoritative DNS servers can also "delegate" this operation to alternative DNS servers of their choice.

In a recent study, academics from Tel Aviv University and the Interdisciplinary Center in Herzliya, Israel, said they had found a way to abuse this delegation process for DDoS attacks. The NXNSAttack technique has several facets and variations, but the main steps are the following:

  • An attacker sends a DNS query to a recursive DNS server. The query is for a domain such as "", which is managed through an authoritative DNS server controlled by the attacker.
  • Because the recursive DNS server is not authorized to resolve this domain, it forwards the operation to the attacker's malicious authoritative DNS server.
  • The malicious DNS server replies to the recursive DNS server with a message that amounts to "I am delegating this DNS resolution operation to this long list of name servers". The list contains thousands of subdomains of a victim's site.
  • The recursive DNS server forwards the DNS query to all the subdomains on the list, creating a surge in traffic to the victim's authoritative DNS server.
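The fan-out in the last step is visible from the recursive server's side as a burst of lookups for many distinct names under one zone. The sketch below is an added example, not code from the article or the researchers: it scans a resolver's outbound query log for that pattern. The log format, the `.example` names, the two-label zone approximation and the window and threshold values are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of a recursive resolver's outbound query log:
# "<epoch seconds> <qname> <qtype>". Format and names are assumptions.
SAMPLE_LOG = "\n".join(
    [f"1000 ns{i}.victim.example. {t}" for i in range(40) for t in ("A", "AAAA")]
    + ["1000 www.shop.example. A", "1001 mail.shop.example. A",
       "1002 www.shop.example. AAAA", "1030 ns1.shop.example. A"]
)

def parent_zone(qname, labels=2):
    """Approximate the zone as the last `labels` labels (no public-suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse(log_text):
    """Yield (timestamp, qname) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0].isdigit():
            yield int(fields[0]), fields[1].rstrip(".").lower()

def find_fanout(log_text, window=10, threshold=20):
    """Return {zone: peak distinct names queried within any `window` seconds}
    for zones whose peak reaches `threshold`."""
    by_zone = defaultdict(list)
    for ts, qname in parse(log_text):
        by_zone[parent_zone(qname)].append((ts, qname))
    flagged = {}
    for zone, events in by_zone.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Advance the window start until it spans less than `window` seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            distinct = len({name for _, name in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[zone] = peak
    return flagged

if __name__ == "__main__":
    for zone, peak in find_fanout(SAMPLE_LOG).items():
        print(f"{zone}: {peak} distinct names in one window")
```

A flagged zone is a prompt to check whether the resolver is running a patched release, not proof of abuse: large zones with many legitimate hosts can also cross a low threshold.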

The research team reports that an attacker exploiting NXNSAttack could amplify a simple DNS query by a factor of 2 to 1,620 compared to its original size, creating a huge surge in traffic that could crash a victim's DNS server. Once the DNS server is down, users can no longer reach the attacked site, because the site's domain can no longer be resolved. The research team also points out that NXNSAttack's packet amplification factor (PAF) depends on the DNS software running on the recursive DNS server. However, in most cases, the amplification factor is many times higher than in other DDoS amplification attacks, where the PAF is usually in the low range between 2 and 10. This PAF indicates that NXNSAttack is one of the most dangerous DDoS attack vectors known to date, with the ability to carry out debilitating attacks.

In addition, the Israeli researchers say they have been working in recent months with DNS software developers, content delivery networks and managed DNS providers to apply patches to DNS servers around the world. The affected software includes ISC BIND (CVE-2020-8616), NLnet Labs Unbound (CVE-2020-12662), PowerDNS (CVE-2020-10995) and CZ.NIC Knot Resolver (CVE-2020-12667), as well as commercial DNS services provided by companies such as Cloudflare, Google, Amazon, Microsoft, Oracle (DYN), Verisign, IBM Quad9 and ICANN. These patches have been released recently and include mitigations that prevent attackers from abusing the DNS delegation process to attack other DNS servers. Finally, server administrators running their own DNS servers are advised to update their DNS resolver software to the latest version.

