dns_amplification_participation

Explanation

The dns_amplification_participation event in the Netography Fusion Portal helps to find potential participants in DNS amplification attacks. DNS amplification attacks exploit the vulnerability of using DNS servers to flood targeted servers with traffic by amplifying a small amount of traffic into a much larger volume. This event helps to identify potentially compromised systems that are unwittingly participating in such attacks.

What to Look For

To analyze the dns_amplification_participation event, network administrators should look for outgoing DNS traffic from their networks that exceeds the expected volume. They should also check for any systems or applications that are known to be vulnerable to DNS amplification attacks. Additionally, endpoint devices should be inspected to ensure that they are not infected with malware that could be used in such attacks. By examining the results of this event, customers can identify and remediate potential security risks in their networks.