Monday 22 December 2014

DNS Amplification Attacks

 In addition to the DNS reflection attack discussed previously, a further variant of an amplification attack uses packets directed at a legitimate DNS server as the intermediary system. Attackers gain attack amplification by exploiting the behavior of the DNS protocol to convert a small request into a much larger response. This contrasts with the original amplifier attacks, which use responses from multiple systems to a single request to gain amplification.
 

As shown in the picture above, a group of hackers generates 50 Mbps of queries to DNS servers located in different cities. These DNS servers are compromised and amplify the requests to 2 Gbps on each server, using spoofed source IP addresses. Each IP packet is 64 bytes, and a large number of request packets are sent to the compromised servers. The responses to these packets can choke the bandwidth of the target network because of the extensive packet stream.
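To see the amplification described above from the operator's side, the following added example (not part of the original post) totals query and response bytes per claimed source address in a resolver log and flags sources whose responses are many times larger than their requests. The log format, sample lines, thresholds and function names are assumptions constructed for this illustration; the 64-byte requests and the 40x ratio mirror the post's 50 Mbps to 2 Gbps figures.

```python
from collections import defaultdict

# Constructed resolver log (not real traffic). Assumed fields per line:
# epoch_seconds  claimed_source_ip  qtype  query_bytes  response_bytes
SAMPLE_LOG = """\
1419235200 198.51.100.7 ANY 64 2560
1419235200 198.51.100.7 ANY 64 2560
1419235200 192.0.2.10 A 64 96
1419235201 198.51.100.7 ANY 64 2560
1419235201 203.0.113.5 MX 64 180
1419235201 198.51.100.7 ANY 64 2560
malformed line
1419235202 192.0.2.10 AAAA 64 120
1419235202 192.0.2.10 A 64 96
"""

def parse(log_text):
    """Yield (source_ip, query_bytes, response_bytes); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield parts[1], int(parts[3]), int(parts[4])
        except ValueError:
            continue

def amplification_report(log_text, min_ratio=10.0, min_queries=3):
    """Return {source_ip: stats} for sources whose responses dwarf their queries."""
    totals = defaultdict(lambda: [0, 0, 0])  # queries, query bytes, response bytes
    for ip, q_bytes, r_bytes in parse(log_text):
        t = totals[ip]
        t[0] += 1
        t[1] += q_bytes
        t[2] += r_bytes
    flagged = {}
    for ip, (count, q_total, r_total) in totals.items():
        if q_total == 0 or count < min_queries:
            continue  # too little data, or nothing to divide by
        ratio = r_total / q_total
        if ratio >= min_ratio:
            flagged[ip] = {"queries": count, "query_bytes": q_total,
                           "response_bytes": r_total, "ratio": ratio}
    return flagged

if __name__ == "__main__":
    for ip, s in amplification_report(SAMPLE_LOG).items():
        print(f"{ip}: {s['queries']} queries, {s['ratio']:.1f}x amplification")
```

A flagged address is the claimed source of the queries, which in a spoofed-source attack is the target rather than the sender, so the report identifies who is being flooded through the server.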
