Forward to Hell? On Misusing Transparent DNS Forwarders For Amplification Attacks 

DNS infrastructure is infamous for facilitating reflective amplification attacks. Countermeasures such as server shielding, access control, rate limiting and protocol restrictions have improved the situation, but DNS-based reflective amplification attacks persist. Focusing on the threat vector introduced by transparent DNS forwarders, our research shows they can provide access to shielded recursive resolvers and scale better in terms of potential attack volume.RIPE LabsRead More