'Water Torture' attack, DDoS against DNS

I don't seem to be able to find a CVE for this attack, so my question is whether the Check Point IPS blade can prevent these attacks. Or would that be something one would need DDoS Protector for? A little more info on the attack below.


Title: DNS Label-Prepending and -Substitution ('Water Torture') DDoS Attack Mitigation Recommendations for Authoritative DNS Servers
November 4, 2019


Netscout Arbor have observed a significant recent increase in the prevalence of DNS label-prepending and label-substitution attacks (also known as DNS 'Water Torture Attacks'), which make use of DNS queries for nonexistent, programmatically-generated DNS records to force authoritative DNS servers for targeted organizations to both service the illegitimate DNS queries and generate large numbers of NXDOMAIN negative responses. The goal of the attacker in these circumstances is to overwhelm the resources of the authoritative DNS servers, thus rendering online properties of the targeted organization such as Web servers, email servers, et al. unreachable due to failed name resolution. This is an indirect form of application-layer DDoS attack against the critical ancillary DNS name-resolution service, rather than directly attacking the applications and services running on targeted networks; if the DNS names for online resources cannot be resolved, they are effectively rendered unavailable to legitimate users.
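The traffic pattern the quoted advisory describes (many NXDOMAIN answers for distinct, generated names under one zone) can be spotted in authoritative query logs. The sketch below is an added example, not part of the original post or the advisory; the log format, the sample lines and the thresholds are constructed assumptions to tune against your own baseline.

```python
from collections import defaultdict

# Constructed sample log, hypothetical format: "<epoch> <resolver_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1572860000 192.0.2.10 www.example.com. NOERROR
1572860000 192.0.2.11 mail.example.com. NOERROR
1572860001 198.51.100.7 qx7f2k.example.com. NXDOMAIN
1572860001 198.51.100.8 a91bzc.example.com. NXDOMAIN
1572860001 203.0.113.5 m3ptq0.www.example.com. NXDOMAIN
1572860002 198.51.100.7 zz81ha.example.com. NXDOMAIN
1572860002 203.0.113.9 k0d4wq.example.com. NXDOMAIN
1572860002 198.51.100.8 r7yy2n.example.com. NXDOMAIN
1572860003 192.0.2.10 www.example.net. NOERROR
1572860003 192.0.2.12 wwww.example.net. NXDOMAIN
1572860004 192.0.2.12 www.example.net. NOERROR
1572860004 192.0.2.13 mail.example.net. NOERROR
1572860005 192.0.2.10 www.example.net. NOERROR
"""

def zone_of(qname, zones):
    """Return the longest served zone that qname falls under, or None."""
    name = qname.rstrip(".").lower()
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None

def detect_water_torture(log_text, zones, min_queries=5, nx_ratio=0.6, uniq_ratio=0.8):
    """Flag zones where most queries fail and nearly every failing name is distinct.
    Threshold defaults are illustrative assumptions, not vendor guidance."""
    total = defaultdict(int)
    nx_names = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        qname, rcode = parts[2], parts[3]
        zone = zone_of(qname, zones)
        if zone is None:
            continue  # not a zone this server is authoritative for
        total[zone] += 1
        if rcode == "NXDOMAIN":
            nx_names[zone].append(qname.rstrip(".").lower())
    flagged = {}
    for zone, count in total.items():
        nx = nx_names[zone]
        if count < min_queries or not nx:
            continue  # too little traffic to judge
        uniq = len(set(nx))
        if len(nx) / count >= nx_ratio and uniq / len(nx) >= uniq_ratio:
            flagged[zone] = {"queries": count, "nxdomain": len(nx), "unique_nx_names": uniq}
    return flagged
```

On the constructed sample, `example.com` is flagged while `example.net`, with a single mistyped name, is not.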

1 Reply

Without pointers to a POC or similar to confirm, it's difficult to say.
0 Kudos