DNS Reflection Denial of Service (DrDOS) - Are you prepared?

A DNS Reflection Denial of Service (DrDOS) technique exploits a security weakness in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the attacker sets the source address of the queries to that of the target victim, which means all replies go to the target. The target receives replies from every DNS server used in the attack, which overwhelms it and causes a denial of service. In March 2013, Spamhaus, a Geneva-based anti-spam organization, was targeted with such an attack, peaking at 300 Gbps. In May, a UK-based financial exchange platform was targeted as well. http://alrt.co/19qhRX6
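Because the spoofed queries never pass through the target's own network, the replies show up there as DNS responses with no matching outbound query. The following is an added detection example, not code from the original page: it assumes packets captured at the target's network edge and reduced to tuples, and the function names, record layout and thresholds are hypothetical.

```python
import struct
from collections import defaultdict

def dns_header(payload):
    """Return (txid, is_response) from the 12-byte DNS header, or None if truncated."""
    if len(payload) < 12:
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit set = response

def find_reflection_targets(packets, min_responses=3, query_ttl=5.0):
    """packets: (ts, src_ip, src_port, dst_ip, dst_port, udp_payload) tuples.
    Returns per-victim stats for hosts that received at least min_responses
    DNS responses matching no query they sent within query_ttl seconds."""
    pending = {}  # (client_ip, client_port, server_ip, txid) -> query timestamp
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "servers": set()})
    for ts, src, sport, dst, dport, payload in sorted(packets, key=lambda p: p[0]):
        hdr = dns_header(payload)
        if hdr is None:
            continue
        txid, is_response = hdr
        if not is_response and dport == 53:
            pending[(src, sport, dst, txid)] = ts
        elif is_response and sport == 53:
            sent = pending.pop((dst, dport, src, txid), None)
            if sent is not None and ts - sent <= query_ttl:
                continue  # solicited answer to a real query
            victim = stats[dst]  # reply to a query this host never sent
            victim["responses"] += 1
            victim["bytes"] += len(payload)
            victim["servers"].add(src)
    return {ip: s for ip, s in stats.items() if s["responses"] >= min_responses}

def _msg(txid, response, size):
    # Constructed DNS message: valid header, zero padding in place of records.
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0).ljust(size, b"\0")

# Constructed capture (RFC 5737 documentation addresses), not real traffic.
SAMPLE = [
    (0.00, "192.0.2.10", 40000, "198.51.100.53", 53, _msg(0x1111, False, 40)),
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40000, _msg(0x1111, True, 120)),
    (1.00, "203.0.113.1", 53, "192.0.2.80", 33333, _msg(0xAAAA, True, 3000)),
    (1.01, "203.0.113.2", 53, "192.0.2.80", 33333, _msg(0xAAAB, True, 3000)),
    (1.02, "203.0.113.3", 53, "192.0.2.80", 33333, _msg(0xAAAC, True, 3000)),
]

if __name__ == "__main__":
    for ip, s in find_reflection_targets(SAMPLE).items():
        print(ip, s["responses"], s["bytes"], sorted(s["servers"]))
```

The number of distinct servers per victim separates a reflection flood from a single misbehaving resolver, and the byte count gives the volume to compare against link capacity.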

Takeaway: It is recommended that all organizations proactively validate their DDoS mitigation strategies to reduce possible downtime, regardless of the size of the attack. Prior to any type of DoS, an attacker will always do extensive reconnaissance through port and vulnerability scans. All of this can be avoided by the proper implementation of security technologies.