This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alen_Ilic
Employee
Employee
‎2019-11-04 11:21 AM
Jump to solution

'Water Torture' attack , DDoS against DNS

I dont seem to be able to find a CVE for this attack, so my question is if Check Point IPS blade can prevent these attacks? Or would that be something one would need DDoS protector? Little more info on the attack below.

 

Title: DNS Label-Prepending and -Substitution ('Water Torture') DDoS Attack Mitigation Recommendations for Authoritative DNS Servers
November 4, 2019

Description:

Netscout Arbor have observed a significant recent increase in the prevalence of DNS label-prepending and label-substitution attacks (also known as DNS 'Water Torture Attacks', which make use of DNS queries for nonexistent, programmatically-generated DNS records to force authoritative DNS servers for targeted organizations to both service the illegitimate DNS queries as well as generate large numbers of NXDOMAIN negative responses. The goal of the attacker in these circumstances is to overwhelm the resources of the authoritative DNS servers, thus rendering online properties of the targeted organization such as Web servers, email servers, et. al. unreachable due to failed name resolution. This is an indirect form of application-layer DDoS attack against the critical ancillary DNS name-resolution service, rather than directly attacking the applications and services running on targeted networks; if the DNS names for online resources cannot be resolved, they are effectively rendered unavailable to legitimate users.

1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2023-07-03 07:01 AM
In response to Maller
Jump to solution

Yes subject to the deployment scenario & relevant behavioral protection subscriptions being licensed.

Recommend discussing further with your local CP SE.

CCSM R77/R80/ELITE

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2019-11-12 01:02 PM
Jump to solution

Without pointers to a POC or similar to confirm, it's difficult to say.
0 Kudos
Maller
Contributor
‎2023-07-03 06:36 AM
Jump to solution

Hi 

Checkpoint anti-DDoS appliances have protection against water torture attacks?

 

thanks

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-07-03 07:01 AM
In response to Maller
Jump to solution

Yes subject to the deployment scenario & relevant behavioral protection subscriptions being licensed.

Recommend discussing further with your local CP SE.

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top