DNS Server Spoofed Request Amplification DDoS

The remote DNS server answers queries from any source (it behaves as an open resolver). It is possible to query it for the name servers (NS) of the root zone (‘.’) and receive an answer that is considerably larger than the request. By spoofing the source IP address, a remote attacker can leverage this ‘amplification’ to launch a denial of service attack against a third-party host, using the remote DNS server as a reflector.

Affected Systems

DNS Server

Manual Verification Tests

  • Command to be used

dig . NS @<IP>

  • Result Expected

The query is 17-20 bytes, while the response is considerably larger (roughly 2000% or more). This can be verified from the message size that dig reports at the end of its output:

;; MSG SIZE rcvd: <VERY LARGE Number>
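As an added example (not part of the original advisory), the following Python script does in code what the dig check above does by hand: it builds the same plain `. NS` query that dig sends (17 bytes without EDNS0), decodes the reply header, and reports the response/query size ratio together with the RA (recursion available) flag, which is what distinguishes an open resolver from an authoritative-only server. The sample reply in the script is constructed, not captured traffic; `check_resolver()` is the only network-facing part and assumes the server you administer listens on UDP/53.

```python
import secrets
import socket
import struct
from typing import Optional

# Added example (not from the original advisory): a minimal DNS client that builds
# the same ". NS" query dig sends, decodes the reply header and reports the
# response/query size ratio. The sample reply below is constructed, not captured.

QTYPE_NS = 2
QCLASS_IN = 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte.
    The root name "." encodes as a single zero byte."""
    labels = [lbl for lbl in name.strip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(qname: str = ".", qtype: int = QTYPE_NS, txid: Optional[int] = None) -> bytes:
    """Build a plain (no EDNS0) DNS query: 12-byte header + question section."""
    if txid is None:
        txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the DNS header. Flags of interest: RA (server offers recursion),
    TC (reply truncated at 512 bytes) and RCODE (0 = NOERROR)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "ra": bool(flags & FLAG_RA),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "ancount": an,
        "nscount": ns,
        "arcount": ar,
    }


def assess(query: bytes, response: bytes) -> dict:
    """Compare sizes and header flags; 'amplification' is bytes returned per byte sent."""
    hdr = parse_header(response)
    records = hdr["ancount"] + hdr["nscount"] + hdr["arcount"]
    return {
        "query_bytes": len(query),
        "response_bytes": len(response),
        "amplification": round(len(response) / len(query), 2),
        "answered": hdr["qr"] and hdr["rcode"] == 0 and records > 0,
        "recursion_available": hdr["ra"],
        "truncated": hdr["tc"],
    }


def check_resolver(ip: str, timeout: float = 3.0) -> dict:
    """Send one '. NS' query over UDP/53 to a server you administer and assess the reply.
    Network-facing; not exercised by the offline sample below."""
    query = build_query(".", QTYPE_NS)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (ip, 53))
        response, _ = sock.recvfrom(4096)
    if response[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return assess(query, response)


# Constructed sample reply (hypothetical bytes, not captured traffic): the 13 root
# NS records with no glue, as an open resolver would return them.
ROOT_SERVERS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]


def constructed_root_ns_response(txid: int) -> bytes:
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, len(ROOT_SERVERS), 0, 0)
    question = encode_name(".") + struct.pack("!HH", QTYPE_NS, QCLASS_IN)
    answers = b""
    for server in ROOT_SERVERS:
        rdata = encode_name(server)
        # 0xC00C is a compression pointer to the question name at offset 12, i.e. "."
        answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_NS, QCLASS_IN, 518400, len(rdata)) + rdata
    return header + question + answers


def sample_assessment() -> dict:
    """Run assess() against the constructed reply (offline)."""
    query = build_query(".", QTYPE_NS, txid=0x1234)
    return assess(query, constructed_root_ns_response(0x1234))


if __name__ == "__main__":
    print(sample_assessment())
```

For the constructed reply the ratio is about 25, in the range the advisory describes as "~2000%+". On a correctly configured authoritative-only server the reply to the same query typically carries RA=0 and no usable records, and the remediation for the condition described here is to restrict recursion to the resolver's own clients (and, on authoritative servers, to enable response rate limiting).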

Vulnerability Identifications

CVE: CVE-2006-0987
NESSUS: 35450
BUGTrack:
OSVDB:

Reference Links

  • https://www.tenable.com/plugins/index.php?view=single&id=35450
  • https://isc.sans.edu/diary/DNS+queries+for+/5713