
Check for the DNS Amplification Attack Vulnerability

Learn how to verify if your server is currently prone to DNS amplification attacks (aka DNS reflection attacks)

An in-depth technical explanation of a DNS Amplification Attack is available from the Microsoft Technet website. In short, the vulnerability allows attackers to utilize your server's DNS capabilities as a middle man, to overwhelm another target server with an unmanageable influx of traffic.

Step 1
You must send a DNS request to your server, from your home or office, in order to test for the vulnerability.

On your keyboard, hold the Windows Key + r in order to open up the Run Dialog Box.
The Run dialog box
Step 2
In the text box, type cmd to open the Windows Command Prompt and then click the OK button.
The cmd command is entered into the Open field
Step 3
To test for the vulnerability, we will ask your server for a DNS record it should not have. If a result is returned, then your server pulled the information from another DNS server and is open to this vulnerability. If no result is returned, then no further steps need to be taken, as your server is only returning DNS records that have been manually added for your configuration.

At the command prompt, type nslookup 1and1.com 74.208.111.111, replacing the IP address above with the IP address of your server. If you do not know the IP address of your server, learn how to Find Your Server Information.
The nslookup command is used in the cmd window
Step 4
If you receive the response can't find 1and1.com then this vulnerability does not affect you. Either the server is already properly configured or there is no DNS service running on your server. You may ignore the remaining steps.
Return message shows that the site can't be found

If you receive the response Non-authoritative answer with additional info underneath, then this vulnerability does affect you and you should Secure Your Server Against DNS Amplification Attacks in Plesk.

Return message shows the non-authoritative answer with additional info
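The same check as Steps 3 and 4, scripted so it can be repeated against your own servers. This is an added example, not part of the original article: it sends one query with recursion requested and reads the reply header instead of the nslookup text. The function names and verdict strings are assumptions made for this example.

```python
import socket
import struct
import sys

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Read the DNS header the way Step 4 reads the nslookup output."""
    if len(response) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    authoritative = bool(flags & 0x0400)  # AA bit
    rcode = flags & 0x000F                # 0 = NOERROR, 5 = REFUSED
    if rcode == 0 and ancount > 0:
        # Records came back. If AA is set the server hosts the zone itself, so
        # the test name was a poor choice; otherwise it resolved the name for us
        # (nslookup prints this case as "Non-authoritative answer").
        return "authoritative" if authoritative else "affected"
    return "not-affected"

def check(server_ip, name="1and1.com", timeout=3.0):
    """Send one query to server_ip:53 over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server_ip, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:  # timeout or port unreachable: no DNS service answered
            return "no-response"
    return classify(data)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python check_resolver.py <your-server-ip> [name]")
    print(check(*sys.argv[1:3]))
```

A verdict of "authoritative" means the test name is a zone configured on the server itself, so rerun the check with a name the server should not have.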
For additional information, you may want to reference: