DDoS Defenders: Don't Take DNS for Granted

April 25, 2014 by Ixia Blog Team

Did you know that the DNS (Domain Name System) protocol is the second most commonly targeted by DDoS attacks? Most people don’t.

What we do know is that, In most network infrastructures, the squeaky wheel gets the grease while reliable elements like DNS don’t get much attention—until they stop working. DNS has started to make noise in recent years, however, as the complexities of network performance, security, and scalability have all skyrocketed.

The explosive growth of mobile devices and applications has given rise to unprecedented volumes of DNS traffic, causing exponentially more servers to be deployed. Surges in traffic can cause these servers to become overwhelmed more easily, resulting in error messages and actual failures.

With user expectations for performance at an all-time high, these types of issues can prompt demanding subscribers to switch providers, and plague IT managers with complaints from disgruntled employees and customers.

Of equal concern is the growing link between DNS and network security. The openness and global reach of DNS makes it the perfect target for Distributed Denial of Service (DDoS) and other sophisticated attacks, and reacting after the fact can have a costly impact on revenues, satisfaction, and brand reputation.

In the enterprise, a study by Ponemon Institute estimates the average impact on revenues for a single hour ofunplanned downtime at nearly $80,000 per hour1. For DDoS attacks, we can multiply this by 38, the average attack duration2, for a staggering total of $2,990,000+. At this rate, recovering even 1 minute earlier from an outage would save a company more than $1,300 a minute. That's the real bottom line!