BugTraq
RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mar 08 2006 06:27PM
Geo. (geoincidents nls net) (1 replies)
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mar 08 2006 06:46PM
Security Lists (securitylists uniontown com) (1 replies)
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mar 08 2006 07:58PM
gboyce (gboyce badbelly com) (1 replies)
On Wed, 8 Mar 2006, Security Lists wrote:

> Sorry, I don't see this as amplification in your example, because YOUR dns
> servers are 100% of the traffic. 1:1 ratio.

Once the first request to the nameservers is made, the object should be
cached by the nameservers. Instead of one packet to each server, consider
a stream of packets to each server. The recipient will recieve a stream
of 100K answers with likely only 200K of traffic back to the attackers DNS
server.

Or better, find some random authoritative nameserver with a big DNS
record, and then a very small portion of the attackers traffic is used and
it is less likely to be tied back to the attacker since they don't own the
record being requested.

[ reply ]
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mar 13 2006 10:54PM
MÃ¥ns Nilsson (mansaxel sunet se)


 

Privacy Statement
Copyright 2010, SecurityFocus