In a twist on distributed denial-of-service attacks, cybercriminals are using DNS servers–the phonebooks of the Internet–to amplify their assaults and disrupt online business.
In this new kind of attack, an assailant would typically use a botnet to send a large number of queries to open DNS servers. These queries will be “spoofed” to look like they come from the target of the flooding, and the DNS server will reply to that network address.
Using DNS servers to do their dirty work offers key benefits to attackers. It hides their systems, making it harder for the victim to find the original source of the attack. But more important, reflecting an attack through a DNS server also allows the assault to be amplified, delivering a larger amount of malicious traffic to the target.