WHAT IS A DDOS ATTACK?
A DDoS attack is when a bad actor floods a network, service, or application with unusually high volumes of traffic, overloading the system and preventing real customer requests from getting through. Exploited systems can include computers, networked resources, and Internet of Things (IoT) devices like your home DVR.
DDoS attacks use multiple infected machines to flood the victim's infrastructure, resulting in catastrophic failure. Such attacks are both easy and cheap, and thus have become an exploding cyber threat often aimed at domain name systems (DNS) to cripple online business. To defend against all types of DNS-based attacks, we suggest companies use a solution that comes with multiple layers of DDoS protection.
DNS nodes should be equipped with DDoS mitigation equipment to constantly monitor for malformed traffic as well as traffic from suspicious locations in higher than normal volumes. In many cases, mitigation happens locally. If an attack is supersized, malicious traffic should automatically re-route to a network that can handle the traffic volume, meaning a completely separate, purpose-built infrastructure. This limits any potential damage to the target nameserver's IPs. With the impact isolated, a 24/7 security operations team is free to be more aggressive in their counter measures.
SIX WAYS TO STRENGTHEN DNS SECURITY
There are numerous types of DDoS attacks that target DNS, including DNS amplification. In this assault, attackers exploit the vast number of open DNS servers on the internet, which can be used to respond to any and all small look-up queries with a spoofed IP of the target. The target then receives much larger DNS responses that quickly overwhelms its capacity. The goal: block legitimate DNS queries by exhausting network capacity.
RESIST DDOS ATTACKS
DDoS attacks are a serious business. Preventing them should be serious too. Through our partnership with Neustar®, CSC provides all the bandwidth you need to resist attacks, however large and complex, together with services to detect and filter them. With our built-in DNS DDoS protection, our solution combines local management with DDoS mitigation that quickly defends against attacks aimed at the network and ensures that your query uptime and availability aren't compromised.
WE'RE READY TO TALK
Our specialists are ready to answer your questions about mitigating DDoS attacks.