As the title says, what is the difference between a DNS flood attack and a UDP flood attack?

Plus, do they only exhaust the network bandwidth or do they also exhaust server-side assets such as CPU, memory, etc.?

eliwax
  • Honestly, I think those two issues are well described on Wikipedia. Your second question's scope is quite broad, as corporate DNS and ISP DNS protection levels are totally different. Some ISPs may block excessive UDP requests to a particular IP. – mootmoot Sep 03 '18 at 15:35

1 Answer

A DNS flood attack is (or can be; you can do DNS over TCP as well) a more specific type of UDP flood attack, where DNS is used to generate large DNS answers to spoofed DNS queries. Other protocols like NTP and SNMP are popular for other types of UDP-based flood attacks. All UDP attacks use some higher-level protocol to generate the actual data for the attack.

As with most DDoS attack types, the weakest link in the chain goes first. Often, this would be bandwidth, but if a server has enough bandwidth, it's very well possible that the server under attack would be overloaded in another way (CPU, memory, logs filling up disks, etc.).

Teun Vink
  • Is it the same case for DNS amplification attacks? As in, the server's network bandwidth is large enough to handle a vast amount of DNS replies, but the server assets like CPU, memory, ... get exhausted? – eliwax Sep 03 '18 at 15:11
  • Yes, see the second paragraph of my answer. – Teun Vink Sep 03 '18 at 15:11
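
The answer describes large DNS answers to spoofed queries arriving at the victim. As an added example (not from the answer or its author), this sketch shows how a defender can tell such traffic apart in a UDP flood: it tallies inbound bytes by reflector source port and counts DNS responses that match no query the host sent. The function names, the tuple layout and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

REFLECTOR_PORTS = {53: "dns", 123: "ntp", 161: "snmp"}  # protocols named in the answer

def dns_header(payload):
    """Return (txid, is_response) from a DNS message, or None if truncated."""
    if len(payload) < 12:          # a DNS header is 12 bytes
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)   # QR bit set means response

def classify(packets, local_ip):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) tuples."""
    pending = set()                # (resolver_ip, txid) of queries we sent
    inbound = Counter()            # inbound payload bytes per protocol
    unsolicited = 0                # DNS responses we never asked for
    for src, sport, dst, dport, payload in packets:
        hdr = dns_header(payload) if 53 in (sport, dport) else None
        if src == local_ip:
            if dport == 53 and hdr and not hdr[1]:
                pending.add((dst, hdr[0]))
            continue
        if dst != local_ip:
            continue
        proto = REFLECTOR_PORTS.get(sport, "other")
        inbound[proto] += len(payload)
        if proto == "dns" and hdr and hdr[1]:
            if (src, hdr[0]) in pending:
                pending.discard((src, hdr[0]))   # answer to our own query
            else:
                unsolicited += 1                 # reflected reply to a spoofed query
    return dict(inbound), unsolicited

def dns_msg(txid, response, size):
    """Constructed DNS-shaped payload: real header fields, zero padding."""
    return struct.pack("!HH", txid, 0x8180 if response else 0x0100) + bytes(size - 4)

# Constructed sample traffic (documentation address ranges), not a capture.
LOCAL = "192.0.2.10"
SAMPLE = [
    (LOCAL, 40000, "198.51.100.53", 53, dns_msg(0x1111, False, 40)),
    ("198.51.100.53", 53, LOCAL, 40000, dns_msg(0x1111, True, 120)),
    ("203.0.113.1", 53, LOCAL, 80, dns_msg(0x2222, True, 3000)),
    ("203.0.113.2", 53, LOCAL, 80, dns_msg(0x2222, True, 3000)),
    ("203.0.113.9", 123, LOCAL, 80, bytes(440)),
]

print(classify(SAMPLE, LOCAL))
```

The per-protocol byte totals show which reflector protocol dominates the flood, and the unsolicited count separates reflected DNS answers from replies to the host's own lookups.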