WEBINAR: Protect Your Authoritative DNS Servers from DDoS Attacks – Watch now

+353% increase in DNS water torture attacks in 1H 2023

Dynamic DNS Water Torture Attacks Require Dynamic Mitigation

NETSCOUT DNS DDoS protection with Arbor Edge Defense (AED) leverages a robust, always-on solution specifically designed to automatically identify and neutralize DNS water torture DDoS attacks against authoritative DNS servers. Adapting to the escalating intensity and complexity of cyber threats, AED swiftly detects and counteracts threats, preventing potential disruptions before they affect the availability and performance of your DNS services.

DNS Attack Analysis

DNS water torture attacks saw a 353 percent increase from January 2023 to June 2023. The highest-impact attack consisted of nearly 90 million queries per second (mqps), larger than a 50 percent increase in attack impact over the same period in 2022. NETSCOUT’s observations have shown that these attacks are once again on the rise. This indicates that DNS water torture attacks tend to climb back up and continue to deliver high-impact attacks that are extremely disruptive to organizations unprepared to defend their DNS infrastructure. (Data: ATLAS)

DNS Water Torture Attacks Per Day, January-July 2023

Stop DNS Water Torture with AED Adaptive DDoS Protection

AED’s Adaptive DDoS Protection combines industry-best mitigation techniques with machine learning, tracking all DNS requests and replies, and tailoring mitigations to the attack, using a variety of protection methods to keep your authoritative DNS services running without problems of over- or under-mitigation.

Intelligence Driven, Adaptive DDoS Defense

Protect the availability of DNS services from dynamically changing DDoS attacks with actionable, global threat intelligence and automated, adaptable attack analysis and mitigation.

Reduce Operational Overhead

Always-on detection means rapid alerting and mitigation, reducing operational involvement and time, allowing staff to see, understand, and monitor the mitigations.

DNS-Specific DDoS Protection

From DNS record validation, DNS authentication, regex, rate-limiting, to DNS malformed traffic and beyond, mitigations are built from the ground-up to understand and protect DNS services from attack.

Detect, Alert, Update Blocking, Analyze
How Adaptive DDoS protects DNS services against DNS Water Torture Attacks

Technology Partners

NETSCOUT has established strategic alliances to collaborate with best-in-class technology partners, providing integrated solutions for our mutual customers and the success of their data center transformations.

AWS
Cisco
Citrix
Dell Technologies
F5
Google Cloud
Microsoft
Oracle
Palo Alto Networks
Red Hat Open Shift
ServiceNow
Splunk
VMware

Related Resources

Overview
What is a DNS Water Torture Attack?
What is NXDOMAIN and how can it be exploited? Find out more about how to prevent DNS NXDOMAIN flood DDoS attacks, where the attacker overwhelms the Domain Name System (DNS) server.
Blog
The Power of Names
Typically, application-layer protocols such as HTTP/s, QUIC, SIP, and others receive the lion’s share of attention in most discussions of internet traffic. But it’s the Domain Name...
Solution Brief
Maintaining Availability of DNS Services with Arbor Adaptive DDoS Protection
NETSCOUT’s Arbor Adaptive DDoS Protection combined with DNS countermeasures provides the most rapid and effective mitigation available, blocking more attack.
Threat Report
DDoS Threat Intelligence Report: Issue 11
Complete Network Visibility Enables Total Network Control
Blog
DNS and DDoS: A Match Made in Hell
The Domain Name System, or DNS, which serves as the internet’s address book, maps human-friendly names into IP addresses so that devices, applications, and services know how to...

DNS is the lifeblood of your network. Ensure it’s protected.