Secure Active Directory DNS to Prevent Amplification Attacks

Background

A DNS amplification attack is a type of distributed denial-of-service (DDoS) attack that takes advantage of DNS servers configured as open resolvers. Open resolvers are DNS servers that provide recursion to anyone on the Internet. The attacker sends a small DNS query with a spoofed source IP address (the victim's) to a vulnerable DNS server, which then sends its much larger response to the victim.

Summary

Open resolvers on your network that are accessible to the Internet can be utilized in amplification attacks. It is important to secure these open resolvers to prevent future amplification attacks. Never make Domain Controllers Internet accessible for any reason.