[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Sun Feb 26 23:20:08 UTC 2006


Roland Dobbins wrote:
> I'm waiting for the latest iteration of Dan's talk he gave at  
> ShmooCon this past January to be posted online, he gives lots of  
> numbers and examples, including odd 'hidden' relationships between  
> DNS servers, amplification effects of 1000:1, etc.

It should be noted that these attacks are not *just* smurf-like with an 
amplification effect. Rather, the attack can be compared on a lower 
level to a simple ICMP DDoS attack from spoofed addresses where an echo 
is returned to the address which was spoofed.

We can still see these and "secondary victims" (the people being 
attacked by the attacked server returning the echo) in the wild.

That's the simplest way of explaining this, and that is still a risk. 
The amplification effect is what makes this especially dangerous.

	Gadi.


