NEW YORK -- Mobile Network Security Strategies -- Attacks against the domain name system (DNS) have risen in the past year, and they have grown more sophisticated and targeted in the process.
Dr. Srinivas Mantripragada, vice president of technology at the network security vendor Infoblox Inc. , said the attacks are taking on two forms: outside-in to disrupt the DNS service, as in a denial of service (DOS) attack; and inside-out, using the DNS as a vector to exploit for spam, botnets, or phishing. (See: Infoblox Intros DNS Appliance.)
The attacks can take 10 hours or more to resolve, cost hundreds of thousands of dollars, and damage the brand -- something GoDaddy, Spamhaus, and Twitter have experienced in the past year or so.
Seeing that virtually every service that network operators provision has a DNS component to it, it's easy to see why they are concerned, too. "DNS is the No. 2 attack vector, right next to HTTP," Mantripragada said. "It's growing 200% year over year. It's an important pillar that needs to be fortified more."
— Sarah Reedy, Senior Editor, Light Reading
http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
The SaaS company I was with had some DoS attacks on our DNS that were 2x our normal load. We were operating at about 3K lookups/second normally. But nobody tried to poison our DNS directly (knock on wood).
seven