VA-NEUSTAR

16.8.2016 15:44:14 CEST | Business Wire | Press release

Neustar Research: DNSSEC Reflection Severe DDoS Risk

Neustar , Inc. (NYSE: NSR), a trusted, neutral provider of real-time information services, today published “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us a research report that details how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks. Neustar determined that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches.

“DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,” said Joe Loveless, Director Product Marketing, Security Services, Neustar. “If DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.”

DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary amount of additional information is created. Additionally, when issuing the DNS command, “ANY,” the amplified response from DNSSEC is exponentially larger than a normal DNS reply.

Key findings and recommendations from “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” include:

DNSSEC Vulnerabilities Are Prolific – Neustar examined one industry with 1,349 domains and determined 1,084 of them (80 percent) could be maliciously repurposed as a DDoS attack amplifier (they were signed with DNSSEC and responded to the “ANY” command).
The Average DNSSEC Amplification Factor is 28.9 – Neustar tested DNSSEC vulnerabilities with an 80-byte query, which returned an average response of 2,313-bytes. The largest amplification response was 17,377-bytes, 217 times greater than the 80-byte query.
The Anatomy of a DNSSEC Reflection Attack – Neustar illustrates the command and control servers required to run the botnets and scripts that target DNS name servers to execute DNSSEC amplification attacks.
Best Practices for Mitigation –For organizations that rely on DNSSEC, Neustar recommends ensuring that your DNS provider does not respond to “ANY” queries or has a mechanism in place to identify and prevent misuse.

“Neustar is focused on using connected sciences to connect people, places and things, which is why network security is so imperative,” said Loveless. “As more organizations adopt DNSSEC, it is critically important to understand how to secure it. The time to fix it is now.”

For more information about “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” please visit https://hello.neustar.biz/201608---Security-Services---Trade-Show---Black-Hat_DNSSEC-LP.html .

About Neustar

Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar (NYSE: NSR) isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. As one of the few companies capable of knowing with certainty who is on the other end of every interaction, we’re trusted by the world’s great brands to make critical decisions some 20 billion times a day. We help marketers send timely and relevant messages to the right people. Because we can authoritatively tell a client exactly who is calling or connecting with them, we make critical real-time responses possible. And the same comprehensive information that enables our clients to direct and manage orders also stops attackers. We know when someone isn’t who they claim to be, which helps stop fraud and denial of service before they’re a problem. Because we’re also an experienced manager of some of the world’s most complex databases, we help clients control their online identity, registering and protecting their domain name, and routing traffic to the correct network address. By linking the most essential information with the people who depend on it, we provide more than 12,000 clients worldwide with decisions—not just data. More information is available at http://www.neustar.biz

View source version on businesswire.com: http://www.businesswire.com/news/home/20160816005745/en/

Contact:

Neustar
Laura Cahill
laura.cahill@axicom.com
(+44) 2083924071

Link:

ClickThru

About Business Wire

Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

30 Peer-Reviewed Studies Highlight Statistically Significant Health Benefits of Almased16.7.2025 09:15:00 CEST | Press release

Two recent, peer-reviewed clinical studies have found that Almased, a high-protein, low-glycemic meal replacement, delivers significant health benefits ranging from weight loss and improved metabolic health to anti-aging effects and enhanced quality of life. Both reviews synthesize 30 peer-reviewed clinical studies across three decades of scientific research, confirming that Almased is effective and safe for weight reduction, preservation of lean muscle mass, and cardiovascular health. The 2025 review in the American Journal of Biomedical Science & Research highlighted Almased’s efficacy and safety for wide groups of people including individuals seeking weight loss, those with metabolic syndrome or fatty liver, older adults needing to preserve muscle mass, and athletes or healthy-weight individuals who require additional high-quality protein. This review also discusses how Almased’s patented fermentation process produces over 80 bioactive peptides, including 2 times the average daily i

The Future of Connectivity Starts Here: Network X Returns to Paris October 14 - 1616.7.2025 09:00:00 CEST | Press release

Show Reconvenes at Paris Expo Porte de Versailles with Global Representation of Industry Leaders and Telco Experts Network X 2025 - the only event that brings the fixed and mobile markets together - returns to Paris Expo Porte de Versailles October 14 - 16. Built for telecom's top players, this annual show drives business model innovation and monetisation of next-generation fixed, mobile, satellite and transport networks through AI and cloud. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250716595903/en/ Speaker on Headliners Stage at Network X 2024 New to Network X in 2025 are specialty events designed to deliver expert insights on trending topics including Data Center World and two Expo Stages for Fixed-Line and Mobile. More than 5,500 telco network infrastructure professionals will gather alongside 1,500 telcos to learn from six program tracks highlighting the latest advancements in Fibre, Wi-Fi Networks and Services, IP

Skechers AERO Series Opens New Chapter of Technical Running Innovation16.7.2025 09:00:00 CEST | Press release

New Collection Features an Evolution in Design that Cuts Through the Wind for That Aerodynamic Feel on Every Run Skechers Performance opens a new chapter of running innovation with the arrival of the Skechers AERO series. Named for the aerodynamic feel of the design, Skechers AERO represents the latest evolution of technical running shoes from the brand. The collection is engineered to deliver an exhilarating blend of speed, style and comfort to help runners cut through the wind and push beyond their personal bests while logging miles. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250716754749/en/ Introducing the Skechers AERO Series of technical running shoes: Skechers AERO Burst, Skechers AERO Spark, and Skechers AERO Tempo (L-R). “Recently launched in North America and Asia, the AERO Series leverages innovative technologies to elevate our signature comfort that’s now available to runners in Europe,” said Ben Stewart, Vic

4Moving Biotech Enrolls First Patient in Phase 2a Trial of 4P004, a Potential First-in-Class GLP-1 Therapy for Knee Osteoarthritis16.7.2025 07:00:00 CEST | Press release

- First patient enrolled in INFLAM MOTION, a global randomized Phase 2a trial including 129 knee osteoarthritis patients - 4P004 to be evaluated over 3 months for dual efficacy: symptom relief and synovial health improvement via contrast-enhanced MRI - Topline results expected in the second half of 2026 4Moving Biotech (4MB), a spin-off of 4P-Pharma dedicated to developing first-in-class treatments that modify the natural course of knee osteoarthritis (OA), today announced that the first patient has been enrolled in Phase 2a clinical trial, INFLAM MOTION. The study will evaluate 4P004, an intra-articular GLP-1 analog, as a potential first-in-class therapeutic candidate for knee osteoarthritis. INFLAM MOTION is a multicenter, randomized, double-blind, placebo-controlled Phase 2a trial planned to be conducted across Europe, the United States, and Canada. A total of 129 patients worldwide diagnosed with knee OA will be enrolled to evaluate, for the first time in humans, the efficacy of 4P

Belkin Achieves Qi2.2 Certification for Its Upcoming Products, Unlocking the Future of 25W Wireless Charging15.7.2025 19:06:00 CEST | Press release

With Qi2.2 certification, Belkin reinforces its commitment to quality, safety, and performance for the next generation of wireless charging Belkin, a leading consumer electronics brand for over 40 years, today announced it has received official Qi2.2 certification from the Wireless Power Consortium (WPC) for its upcoming products. As one of the first accessory brands to deliver Qi2.2-certified devices, Belkin is helping bring the next generation of wireless charging to market – enabling faster wireless charging speeds, broader compatibility, and improved performance for consumers. Belkin’s close partnership with the WPC since 2015 has been instrumental in bringing these advancements to consumers. As an early adopter and long-time contributor to WPC standards, Belkin was selected as one of a small group of trusted manufacturers to test and certify Qi2.2 products ahead of the broader industry rollout. All Belkin products undergo rigorous safety, quality, and performance testing. The comp

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom