SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure (R-3)

Date Issued:

Document: SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure (R-3)

Reference ID: SAC065

Current Phase: CLOSED


Description:

Recursive DNS server operators should take immediate steps to secure open recursive DNS servers. This involves:

a. Identify unmanaged open recursive DNS servers operating in the network and take immediate steps to restrict access to these servers in order to prevent abuse.

b. Follow SAC008 Recommendation 3 to (1) disable open recursion on name servers from external sources and (2) only accept DNS queries from trusted sources to assist in reducing amplification vectors for DNS DDoS attacks.

c. DNS Application Service Providers should take all reasonable steps to prevent abusive use of their open resolvers so that they are not targets of abuse. This would include continuous monitoring for anomalous behavior, limiting or blocking known abuse queries (e.g., ripe.net ANY); tracking likely target victim IPs (attacks reported or addresses of heavily targeted servers) and restricting or disallowing responses to those IPs; and sharing information with similar operators to coordinate efforts to quell such attacks.
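The monitoring steps in item (c), sketched as an added example that is not part of the advisory: one pass over a window of resolver query logs that counts queries served to untrusted sources, matches known abuse queries, and lists clients whose abuse-response volume marks them as likely victims. The log format, trusted network, and threshold are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values (not from the advisory): log format, networks, threshold.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_ABUSE_QUERIES = {("ripe.net", "ANY")}  # the example the advisory names
VICTIM_BYTES_THRESHOLD = 10_000  # abuse-response bytes per client per window

# Constructed sample: "<epoch> <client_ip> <qname> <qtype> <response_bytes>"
SAMPLE_LOG = """\
1700000000 10.1.2.3 example.com. A 60
1700000001 198.51.100.7 ripe.net. ANY 3800
1700000001 198.51.100.7 ripe.net. ANY 3800
1700000002 198.51.100.7 ripe.net. ANY 3800
1700000002 203.0.113.9 example.org. AAAA 72
1700000003 10.1.2.4 ripe.net. ANY 3800
truncated line
"""

def parse_line(line):
    """Return (ip, qname, qtype, size), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), parts[2].rstrip(".").lower(),
                parts[3].upper(), int(parts[4]))
    except ValueError:
        return None

def analyze(log_text):
    """Summarise one log window for the monitoring steps in item (c)."""
    external, abuse_bytes, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ip, qname, qtype, size = rec
        if not any(ip in net for net in TRUSTED_NETS):
            external[str(ip)] += 1  # served a query from an untrusted source
        if (qname, qtype) in KNOWN_ABUSE_QUERIES:
            # With spoofed sources, the logged client is where the response goes.
            abuse_bytes[str(ip)] += size
    victims = sorted(ip for ip, b in abuse_bytes.items() if b >= VICTIM_BYTES_THRESHOLD)
    return {"external_sources": dict(external), "abuse_bytes": dict(abuse_bytes),
            "likely_victims": victims, "skipped": skipped}
```

A non-empty `external_sources` means the server is answering recursive queries from outside the trusted set (items a and b); addresses in `likely_victims` are candidates for restricting or disallowing responses.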


STATUS UPDATES

Date | Phase | Type | Status Updates



