Skip to content

Hide Navigation Hide TOC

DNS as a vector for DoS (735b95e1-bd17-5375-a318-f5bf5ee014e6)

Adversaries may attempt to cause a denial of service by reflecting a high-volume of network traffic to a target. This type of Network DoS takes advantage of a third-party server intermediary that hosts and will respond to a given spoofed source IP address. This third-party server is commonly termed a reflector. An adversary accomplishes a reflection attack by sending packets to reflectors with the spoofed address of the victim. Two prominent protocols that have enabled Reflection Amplification Floods are DNS and NTP through the use of several others in the wild have been documented. These Reflection and Amplification Floods can be directed against components of the DNS, like authoritative nameservers, rendering them unresponsive.

Cluster A Galaxy A Cluster B Galaxy B Level
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) Attack Pattern DNS as a vector for DoS (735b95e1-bd17-5375-a318-f5bf5ee014e6) FIRST DNS Abuse Techniques Matrix 1