Check for DNS Amplification Attack Vulnerability

Learn how to verify if your server is currently prone to DNS amplification attacks (DNS reflection attacks).

An in-depth technical explanation of a DNS Amplification Attack is available on the Microsoft Technet website. The vulnerability allows attackers to utilise your server's DNS capabilities to overwhelm another target server with an unmanageable influx of traffic.

Step 1
Send a DNS request to your server, from home or office, to test for the vulnerability. Press the Windows Key + R to open the Run dialogue box.
Step 2
In the text box, type cmd to open the Windows Command Prompt, then click OK.
Step 3
To test the vulnerability, we will check your server for a DNS record it should not have. If a result is returned, then your server pulled the information from another DNS server and is open to this vulnerability. If no result is returned, then no further steps need to be taken, as your server is only returning DNS records that have been manually added for your configuration.

At the command prompt, type nslookup 1and1.com 74.208.111.111, replacing 74.208.111.111 with the IP address of your server. You can find the IP address of your server in the Server Information section of your 1&1 Control Panel.
Step 4
If you receive the response can't find 1and1.com, then this vulnerability does not affect you. Either the server is already properly configured or there is no DNS service running on your server. You may ignore the remaining steps.

If you receive the response Non-authoritative answer with additional information underneath, then this vulnerability does affect you and you should secure your server against DNS amplification attacks in Plesk.
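The check in Steps 3 and 4 can also be scripted at the protocol level. The following Python is an added example, not part of the original 1&1 article: it builds the same recursive query that nslookup sends and classifies the reply by its header flags. The function names and outcome labels are assumptions made for illustration, and the replies used in the demo are constructed.

```python
import socket
import struct

QID = 0x1A2B  # arbitrary query ID, chosen for this example

def build_query(name, qid=QID):
    """Build an A-record query with RD=1 (recursion desired), as nslookup does."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp, qid=QID):
    """Map a raw DNS reply to the outcomes of Step 4 using only its header."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID or not a response (QR=0)
        return "malformed"
    authoritative = bool(flags & 0x0400)      # AA bit
    rcode = flags & 0x000F                    # 0 = NOERROR, 5 = REFUSED
    if rcode == 0 and ancount > 0:
        # AA clear: the answer came from recursion or cache, not a hosted zone.
        return "authoritative" if authoritative else "open-recursion"
    return "no-answer"                        # e.g. REFUSED: the "can't find" case

def check_server(server_ip, name="1and1.com", timeout=3.0):
    """Query server_ip over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server_ip, 53))
            resp, _ = sock.recvfrom(4096)
        except OSError:                       # timeout or port unreachable
            return "no-response"
    return classify_response(resp)

def constructed_reply(flags, ancount):
    """Constructed sample reply (header + echoed question) for offline use."""
    header = struct.pack("!HHHHHH", QID, flags, 1, ancount, 0, 0)
    return header + build_query("1and1.com")[12:]

if __name__ == "__main__":
    print(classify_response(constructed_reply(0x8180, 1)))  # RA set, AA clear
    print(classify_response(constructed_reply(0x8105, 0)))  # REFUSED
```

Call check_server with the IP address of your own server; a result of open-recursion corresponds to the Non-authoritative answer case in Step 4.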