DNS traffic and DDoS events rise during pandemic
New research from DNS intelligence specialist Farsight Security, focusing on over 300 leading websites, finds that between March and April there has been an increase in DDoS events involving popular brand names.
It also reveals that DNS cache misses (which occur when the data fetched is not present in the cache) showed an increase of between four and seven times.
While most of the studied sites exhibited this 'step up' traffic pattern, there was variation among the studied sites in terms of magnitude and timing, with higher education sites tending to exhibit an increase, which would subsequently drop, producing a hill rather than a plateau.
Some sites experienced spikes in volume which Farsight believes represent denial of service (DDoS) attack traffic reflexively targeting unrelated third-party sites.
"Different people use the Internet differently," says Dr Paul Vixie, chairman, CEO and co-founder of Farsight Security. "When the headlines are all about some new mass shooting or as in this case a virus pandemic, most of the DNS traffic related to those headlines will be due to fraudulent or criminal activity by those hoping to 'cash in' on the public's attention. Therefore, it is worth our time to study DNS traffic patterns during every global event, to characterize current abuses of the system and to predict future abuses."
To reduce the risk of DDoS events, Farsight recommends that nameserver vendors ship their products with Response Rate Limiting (RRL) enabled by default and that existing servers should have RRL enabled in their configurations.
The full report is available from the Farsight site.