2

I was asked this as a test question and I was wondering if I answered correctly. I was thinking this was a DOS attack because it came from one server not multiple. So can anyone tell me if this is correct or wrong?

If you have 10 attackers and they all send requests to 1 DNS open resolver and the DNS resolver sends all the replies to just 1 victim, is this a DOS attack or a DDOS attack?

I answered as a DOS attack.

Mike

2 Answers

2

I would have answered DDOS since there is distribution (10 attackers).

This is a rather difficult question - one would refer to a thorough dictionary definition of "DDOS", which does not exist.

If you look at "the web", definitions always state that several machines are used for the attack, which is the case here - one could even say that there are 11 machines participating in the attack.

niilzon
  • Ya, there are several machines attacking the server, but only the server is doing the attack on the victim. I was wondering if this was a trick question. – Mike Feb 10 '17 at 15:31
  • Yet 11 machines participate in the attack. That's why a thorough definition of DDOS is needed; do the machines have to [participate in the attack] or [send packets directly to the target]? That's the answer. Since this was part of a test, I guess you received such a definition during a course beforehand. I don't like this question; the goal is not to verify if the participant understands DDOS or amplification but is more a tricky play on words / definition – niilzon Feb 13 '17 at 07:44
  • I was originally thinking Reflect attack, but that was not an answer. I do appreciate the feedback. – Mike Feb 13 '17 at 19:25
1

Technically, I believe this is DDOS -- many machines. It may, however, be closer to a DOS than most DDOS. This is because DNS reflection attacks make use of a) a DNS' willingness to reply to anyone (and no care if it was the actual sender) and b) a DNS request is orders of magnitude smaller than a DNS reply. This means that a single server with limited bandwidth can generate much more traffic using a reflection than it could connecting directly.

When we typically think of DDOS we imagine massive botnets -- so many, that such reflections might not be necessary (at a certain point the DNS server could actually become the bottleneck in the attack).

Alex
  • I have asked around and most people think it was DDOS just because of all the attackers. Even though they were using one DNS server to do all the attacks. I believe my options were DOS, DDOS, SMURF and there was one other one that I can't remember. – Mike Feb 13 '17 at 19:23
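
An added example, not part of the original question or answers: a detection sketch for the scenario discussed above, seen from the victim's network edge, where DNS responses that match no outgoing query are counted per destination. It also shows why the question is ambiguous: however many machines sent the requests, the victim observes a single source. The packet tuples, addresses, sizes and threshold are constructed assumptions.

```python
from collections import defaultdict

DNS_PORT = 53

def unsolicited_dns_responses(packets):
    """Count DNS responses that answer no query seen from the destination.

    packets: iterable of (src_ip, src_port, dst_ip, dst_port, txid, size).
    Returns {dst_ip: {"packets": int, "bytes": int, "reflectors": set}}.
    """
    pending = set()  # queries still waiting for an answer
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for src, sport, dst, dport, txid, size in packets:
        if dport == DNS_PORT:                 # a query leaving a client
            pending.add((src, sport, dst, txid))
        elif sport == DNS_PORT:               # a response from a resolver
            key = (dst, dport, src, txid)
            if key in pending:
                pending.discard(key)          # solicited: the client asked
            else:
                entry = stats[dst]            # unsolicited: nobody here asked
                entry["packets"] += 1
                entry["bytes"] += size
                entry["reflectors"].add(src)
    return dict(stats)

def flag_victims(stats, min_bytes=10_000):
    """Keep destinations whose unsolicited response volume reaches min_bytes."""
    return {ip: s for ip, s in stats.items() if s["bytes"] >= min_bytes}

# Constructed sample (documentation address ranges, made-up sizes).
VICTIM = "192.0.2.10"
RESOLVER = "198.51.100.53"
SAMPLE = [
    (VICTIM, 40000, RESOLVER, 53, 0x1111, 60),    # victim's own lookup
    (RESOLVER, 53, VICTIM, 40000, 0x1111, 120),   # its legitimate answer
]
# Ten large answers the victim never asked for, one per requesting machine.
SAMPLE += [(RESOLVER, 53, VICTIM, 50000 + i, 0x2000 + i, 3000) for i in range(10)]

if __name__ == "__main__":
    for ip, s in flag_victims(unsolicited_dns_responses(SAMPLE)).items():
        print(ip, s["packets"], "packets,", s["bytes"], "bytes from",
              sorted(s["reflectors"]))
```
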