TLDR:
- A new DoS attack called “DNSBomb” exploits DNS mechanisms to create powerful pulsing attacks.
- The attack can cripple target systems and cause significant disruption to internet services worldwide.
Cybersecurity researchers have discovered a new Denial of Service (DoS) attack named “DNSBomb” that takes advantage of DNS mechanisms to create a potent attack. By accumulating DNS queries and amplifying them into large responses, DNSBomb generates high-volume bursts that can overwhelm target systems, leading to packet loss and severe service degradation across various connection types. The researchers evaluated DNSBomb on mainstream DNS software, public DNS services, and open DNS resolvers, finding that all tested DNS resolvers could be exploited for more practical and powerful attacks.
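The accumulate-then-burst pattern described above is what a resolver operator would want to spot in their own traffic. The following monitor is an added example, not code from the DNSBomb researchers or any vendor: it bins per-client query and response bytes into 100 ms windows and flags a window whose outbound bit-rate and response-to-query byte ratio both jump far above baseline. The log format, the sample trace and the thresholds are assumptions.

```python
# Added example (not from the DNSBomb paper or any vendor): a resolver-side
# monitor for the "accumulate queries, release responses in one burst" pattern.
# Log format, sample trace and thresholds are constructed assumptions.
from collections import defaultdict

def constructed_log():
    """Constructed trace, "<seconds> <Q|R> <client> <bytes>": a benign client
    exchanging one 60-byte query / 120-byte answer every 100 ms, and a second
    client whose ten queries (spread over 5 s) are all answered at t=5.0."""
    lines = []
    for i in range(50):
        lines.append(f"{i * 0.1:.2f} Q 192.0.2.10 60")
        lines.append(f"{i * 0.1 + 0.02:.2f} R 192.0.2.10 120")
    for i in range(10):
        lines.append(f"{i * 0.5:.2f} Q 198.51.100.7 60")
    for i in range(10):
        lines.append(f"{5.0 + i * 0.005:.3f} R 198.51.100.7 4000")
    return "\n".join(lines)

def parse_log(text):
    """Parse lines into (time_ms, direction, client, bytes); time is kept in
    integer milliseconds so window bucketing avoids float rounding."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, direction, client, size = line.split()
            events.append((int(round(float(ts) * 1000)), direction, client, int(size)))
    return events

def detect_pulses(events, window_ms=100, min_rate_bps=1_000_000, min_amp=100):
    """Return flagged windows: high outbound bit-rate AND responses far larger
    than the queries seen in the same window (a burst fed by queries that were
    accumulated earlier makes the in-window ratio explode)."""
    buckets = defaultdict(lambda: [0, 0])  # (client, window) -> [q_bytes, r_bytes]
    for t_ms, direction, client, size in events:
        buckets[(client, t_ms // window_ms)][0 if direction == "Q" else 1] += size
    alerts = []
    for (client, w), (q_bytes, r_bytes) in sorted(buckets.items()):
        rate_bps = r_bytes * 8 * 1000 // window_ms  # bits per second over the window
        amp = r_bytes / max(q_bytes, 1)              # in-window amplification factor
        if rate_bps >= min_rate_bps and amp >= min_amp:
            alerts.append({"client": client, "start_s": w * window_ms / 1000,
                           "response_bytes": r_bytes, "rate_bps": rate_bps, "amp": amp})
    return alerts

if __name__ == "__main__":
    for alert in detect_pulses(parse_log(constructed_log())):
        print(alert)
```

On the constructed trace only the second client's 5.0 s window is flagged (3.2 Mb/s, ratio 40000), while the benign client's steady 2x ratio never trips the check.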
The peak pulse magnitude of DNSBomb can reach up to 8.7 Gb/s, with a bandwidth amplification factor exceeding 20,000x. This poses a significant threat to internet services globally. In response to the discovery, the researchers have proposed mitigation solutions and reported their findings to affected vendors. Twenty-four vendors, including BIND, Unbound, PowerDNS, and Knot, are actively patching their software to address the vulnerabilities exploited by DNSBomb. Ten CVE IDs have been assigned to the issue.
The researchers emphasize that systems capable of aggregating “things,” such as DNS and Content Delivery Networks (CDNs), could be exploited to construct pulsing DoS traffic. The cybersecurity community is urged to collaborate in investigating and mitigating the DNSBomb threat. This discovery highlights the need for continuous vigilance and innovation in combating evolving cyber threats.