Friday, September 25, 2020

Can DNS Amplification attacks be performed on DoT or DoH servers?

Hey all.

I was wondering whether DNS Amplification DDoS attacks can happen with DoT or DoH servers. I understand DNS amplification attacks work by sending thousands of DNS requests over UDP with a spoofed IP (of the victim's open DNS resolver), which causes the upstream server to flood the victim's DNS server with replies, essentially DDoSing the victim. Can this spoofing also be done for a TCP connection with DNS-over-TLS (on port 853) or DNS-over-HTTPS (on port 443), and end up DDoSing the victim on those services? An extension of that question is: do these attacks work with normal DNS over TCP too, or is this attack only valid over UDP?
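As an added example that is not part of the original post, the script below scores constructed, NetFlow-style flow summaries as a resolver operator would see them, to show where reflection amplification is possible. Over UDP the resolver answers the spoofed source directly, so the whole response is reflected toward the claimed address. Over any TCP-based transport (plain DNS over TCP on 53, DoT on 853, DoH on 443) the server sends nothing beyond a SYN-ACK until the three-way handshake completes, and a host whose address was spoofed never completes it, so the ratio of bytes out to bytes in stays near 1:1. All client addresses (documentation ranges), byte counts and flag strings are invented for this illustration; the field names and thresholds are this example's own, not those of any particular flow collector.

```python
"""Added example, not part of the original post: scores constructed resolver
flow summaries to separate UDP reflection candidates from spoofed TCP SYNs
that never produce an amplified reply."""
from collections import defaultdict

# Constructed flow records as seen from the resolver (values are invented).
# "flags" holds the TCP flags observed from the client side; a bare "S" means
# a SYN arrived but no ACK ever followed, i.e. the handshake never completed.
FLOWS = [
    # UDP/53: small EDNS0 queries, large responses toward the claimed source.
    {"client": "203.0.113.10", "proto": "udp", "port": 53,
     "bytes_in": 88, "bytes_out": 3028, "flags": ""},
    {"client": "203.0.113.10", "proto": "udp", "port": 53,
     "bytes_in": 88, "bytes_out": 3028, "flags": ""},
    # TCP/53, DoT (853) and DoH (443) with the same spoofed source: one SYN in,
    # one SYN-ACK out, then silence. No DNS payload is ever sent.
    {"client": "203.0.113.10", "proto": "tcp", "port": 53,
     "bytes_in": 60, "bytes_out": 60, "flags": "S"},
    {"client": "203.0.113.10", "proto": "tcp", "port": 853,
     "bytes_in": 60, "bytes_out": 60, "flags": "S"},
    {"client": "203.0.113.10", "proto": "tcp", "port": 443,
     "bytes_in": 60, "bytes_out": 60, "flags": "S"},
    # A real client that completed the handshake and ran a DoT session.
    {"client": "198.51.100.7", "proto": "tcp", "port": 853,
     "bytes_in": 900, "bytes_out": 1600, "flags": "SPA"},
]


def completed_handshake(flow: dict) -> bool:
    """A TCP flow only carried application data if an ACK came from the client."""
    return flow["proto"] == "tcp" and "A" in flow["flags"]


def summarize(flows: list) -> dict:
    """Aggregate per (client, proto, port): bytes in/out, flow count,
    completed handshakes, and the bytes-out / bytes-in amplification factor."""
    agg = defaultdict(lambda: {"in": 0, "out": 0, "flows": 0, "handshakes": 0})
    for f in flows:
        a = agg[(f["client"], f["proto"], f["port"])]
        a["in"] += f["bytes_in"]
        a["out"] += f["bytes_out"]
        a["flows"] += 1
        if completed_handshake(f):
            a["handshakes"] += 1
    return {k: dict(v, factor=round(v["out"] / v["in"], 1)) for k, v in agg.items()}


def findings(flows: list, threshold: float = 5.0) -> list:
    """Triage rule (this example's own): UDP groups whose reflected bytes exceed
    `threshold` times the bytes received are reflection candidates; TCP groups
    with no completed handshake are spoofed SYNs that amplify nothing."""
    out = []
    for (client, proto, port), a in summarize(flows).items():
        if proto == "udp" and a["factor"] >= threshold:
            out.append((client, proto, port, "udp_reflection_candidate", a["factor"]))
        elif proto == "tcp" and a["handshakes"] == 0:
            out.append((client, proto, port, "unanswered_syn_no_amplification", a["factor"]))
    return out


if __name__ == "__main__":
    for client, proto, port, verdict, factor in findings(FLOWS):
        print(f"{client:15s} {proto}/{port:<4d} x{factor:<5} {verdict}")
```

The UDP group for the spoofed address comes out at roughly 34x, while every TCP group for the same address sits at 1.0 with zero completed handshakes, which is the property that makes plain DNS over TCP, DoT and DoH unusable as bandwidth amplifiers for a spoofed source. The legitimate DoT client, whose flow includes an ACK, is not reported at all.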