Distributed Denial of Service (DDoS) attacks against Domain Name System (DNS) providers are increasing in number and scale with the proliferation of insecure IoT devices. These attacks in turn affect websites dependent on such providers for name resolution. While DNS providers have various methods of protecting themselves against such attacks, one of the ways for a website to protect itself is to use multiple DNS providers.
2016 saw one of the largest DDoS attacks in history carried out against DNS provider Dyn. Spread out across three waves , it was orchestrated using a botnet of IoT devices that had been infected with the Mirai malware. Many services like Amazon, Paypal, Reddit and Github were affected. The attack led to Dyn not being able to respond to valid DNS queries for domains resolved by its nameservers, which led to the end users of such domains not being able to reach them.
The Dyn incident included a TCP SYN cookie based attack, according to Phil Stanhope , VP of Technology at Dyn, which exploits a fault in the Linux kernel. SYN cookies are a way to mitigate SYN flood attacks , which attempts to exhaust the target system’s resources by sending successive TCP SYN requests. However, SYN cookies have their own problems, since in Linux 3.
