Attacks & Threats
DNS Amplification Attack
Definition
A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
Examples
- An attacker sends ANY queries to thousands of open resolvers; each tiny query yields several-kilobyte responses to the victim.
- Mirai-derived botnets abuse residential CPE devices acting as open recursors to launch multi-hundred-gigabit DNS amplification floods.
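A victim-side detection check for the pattern defined above, as an added example that is not part of the original glossary entry: because the queries are spoofed, the targeted host receives DNS responses that match no query it ever sent. The packet tuples, field layout, function name and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed packet summaries (documentation address ranges, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, dns_txid, is_response, dns_bytes)
PACKETS = [
    # Normal lookup: 192.0.2.10 asks and the resolver answers with the same ID.
    ("192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, False, 72),
    ("198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, True, 140),
    # One stray late answer: unsolicited, but far below the thresholds.
    ("198.51.100.53", 53, "192.0.2.10", 40002, 0x7777, True, 120),
    # Reflection: several-kilobyte answers to a host that sent no queries.
    ("203.0.113.1", 53, "192.0.2.80", 53124, 0x0001, True, 3100),
    ("203.0.113.2", 53, "192.0.2.80", 53124, 0x0002, True, 3100),
    ("203.0.113.3", 53, "192.0.2.80", 53124, 0x0003, True, 3100),
    ("203.0.113.4", 53, "192.0.2.80", 53124, 0x0004, True, 3100),
]


def unsolicited_dns_responses(packets, min_resolvers=3, min_bytes=4096):
    """Return hosts receiving DNS answers they never requested.

    Thresholds are illustrative assumptions; tune them to the monitored link.
    """
    pending = set()  # outstanding queries: (client, client_port, resolver, txid)
    stats = defaultdict(lambda: {"resolvers": set(), "bytes": 0, "packets": 0})
    for src, sport, dst, dport, txid, is_response, size in packets:
        if not is_response and dport == 53:
            pending.add((src, sport, dst, txid))
        elif is_response and sport == 53:
            key = (dst, dport, src, txid)
            if key in pending:
                pending.discard(key)  # answer matches a query we saw leave
                continue
            entry = stats[dst]
            entry["resolvers"].add(src)
            entry["bytes"] += size
            entry["packets"] += 1
    return {
        host: {"resolvers": len(e["resolvers"]), "bytes": e["bytes"],
               "packets": e["packets"]}
        for host, e in stats.items()
        if len(e["resolvers"]) >= min_resolvers and e["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for host, summary in unsolicited_dns_responses(PACKETS).items():
        print(host, summary)
```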
Related terms
DDoS Amplification
A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, allowing attackers with little bandwidth of their own to generate massive flood volumes.
Distributed Denial-of-Service (DDoS) Attack
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
NTP Amplification Attack
A reflection DDoS attack abusing the NTP MONLIST (and similar) commands to make NTP servers reply with very large packets to a spoofed victim address.
DNS Spoofing
An attack that injects falsified DNS responses to redirect victims from a legitimate domain to an attacker-controlled IP address.
IP Spoofing
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
DNSSEC
A set of DNS extensions that cryptographically sign zone data so resolvers can verify the authenticity and integrity of DNS responses.