top of page

News & Views

DNS water torture attacks

Enterprises can now protect against Domain Name System (DNS) water torture attacks after NETSCOUT Systems ( launches its Adaptive DDoS Protection for Arbor Edge Defense (AED) solution.

NETSCOUT’s Adaptive DDoS Protection for AED protects organizations against many DDoS attack techniques at scale by auto-learning legitimate hostnames for each domain by continually analysing DNS query and response packets; adapting to DNS server configuration changes to prevent blocking legitimate domains and changes to attack techniques; and intelligently blocking DNS water torture IP sources on a query-by-query basis.  


This gives SOC teams a scalable, always-on, stateless packet processing solution that uses unmatched visibility into more than 50% of all internet traffic, real-time global DDoS attack threat intelligence, and decades of DDoS mitigation experience to automatically detect, adapt to, and mitigate dynamic DDoS attacks.

“Adaptive DDoS Protection for AED provides customers with a unique hybrid multi-layer DDoS defense architecture,” explains Scott Iekel-Johnson, AVP, DDoS and Threat Intelligence, NETSCOUT.  “It can learn, and filter millions of legitimate hostnames and thousands of domains backed by our ATLAS® Intelligence Feed (AIF) to thwart modern-day attacks and advanced threats.”

DNS water torture is one of many attack techniques adversaries can adopt to bring down DNS infrastructure.  “DNS water torture DDoS attacks have been around since 1997, yet many organizations still struggle to efficiently identify and mitigate them,” says John Grady, Principal, Enterprise Strategy Group.


 “These attacks send invalid requests to an Authoritative DNS server to slow it down and prevent legitimate requests from getting a response.  Security teams cannot broadly block this traffic without potentially impacting valid requests due to the pervasiveness of DNS and can easily misdiagnose an attack as a performance issue.  NETSCOUT’s Adaptive DDoS Protection auto-learns and adapts to changes in DNS server configuration, enabling AED to identify and mitigate these attacks.”
According to the NETSCOUT DDoS Threat Intelligence Report, DNS water torture attacks increased 353% in the first six months of 2023, overwhelming Authoritative DNS server resources and bringing down critical DNS services.  

bottom of page