A new vulnerability has been found in the design of the world's domain-name system that potentially can be exploited to flood websites off the internet.
Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. If you have an army of hacked PCs or devices – a botnet – at your command, and can find a DNS service that's vulnerable, you can theoretically generate enough network traffic to overwhelm a victim's system and knock it offline for all users.
Although denial-of-service attacks are a little 1990s, blasting a business off the web can lead to a loss of sales, reputation damage, and so on.< ..
Support the originator by clicking the read the rest link below.
