According to Measurement Factory President Duane Wessels, DNS amplification attacks do occur, but they're not the most common form of DDoS attack. "Those of us that track these and are aware of it tend to be a little bit surprised that we don't see more attacks that use open resolvers," he said. "It's kind of a puzzle."

Wessels believes that the move toward the next-generation IPv6 standard may be inadvertently contributing to the problem.Some of the modems are configured to use DNS server software called -- which converts addresses between IPv4 and IPv6 formats. Often this software is configured as an open resolver, Wessels said.