T 5.151 DNS flooding - denial-of-service attacks

A denial-of-service attack (DoS attack) is used to prevent legitimate users of IT systems from using their systems. In this case, limited resources such as the CPU computing time, memory (RAM), disk space, network bandwidth or the like are deliberately overloaded.

When a DoS attack on a DNS server is carried out, so many requests are sent to this server that the network connection to the DNS server and/or the DNS server itself will become overloaded. In general, the requests are sent using a bot network to achieve the required volume of data traffic. Since a DNS server is virtually "flooded" with requests when this form of attack is performed, it is also known as "DNS flooding". A DNS server that has become overloaded in this manner can no longer respond to any legitimate requests. In general, all DNS servers responsible for the domain are attacked; thus the names of this domain can no longer be resolved.

Example:

• Two companies have designed and developed very similar products and are thus in direct competition. Each company sells its product using its respective company web shop. Measured in item-based sales, one company lags far behind the other company. In order to make up for this disadvantage, the company with the lower sales figures decides to have a DoS attack carried out against the DNS server of the competitors. Thus, the domain name of the attacked company's web shop can no longer be resolved. Interested customers will fail when trying to establish a connection attempt, because the DNS servers can no longer process any requests due to the overload. The lost business and the damage to the reputation constitute a significant damage for the victim.