How I unwittingly became part of a DDOS attack

I recently stood up a azure VM to test out some work I’ve been doing around creating my own DNS server.

Feeling bold and overconfident I created a machine with a long random name, punched open the firewall for dns and set my custom dns running. Having played with the code till late in the evening I left the box running and went to bed. My machines existence was only known to me, so I just left it there with unfinished code answering dns queries.

The next evening, when I set about to continue my work, I noticed that the server was actually already really busy. I was receiving LOADS of requests.

Looking at the apparent source IP it was from a Russian hosting company. However, as DNS is UDP, spoofing the source IP is possible and therefore it can be used it to amplify DDOS attacks. You can read more on this attach type here, http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack

So it turns out that overnight my machine had apparently been found by a bot crawling IPs and conscripted into a DNS DDOS attack.

Lesson learned, security through obscurity doesn’t cut it on the internet!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: