[dns-operations] DNS deluge for x.p.ctrc.cc
Gadi Evron
ge at linuxbox.org
Sun Feb 26 23:20:08 UTC 2006
Roland Dobbins wrote:
> I'm waiting for the latest iteration of Dan's talk he gave at
> ShmooCon this past January to be posted online, he gives lots of
> numbers and examples, including odd 'hidden' relationships between
> DNS servers, amplification effects of 1000:1, etc.
It should be noted that these attacks are not *just* smurf-like with an
amplification effect. Rather, the attack can be compared on a lower
level to a simple ICMP DDoS attack from spoofed addresses where an echo
is returned to the address which was spoofed.
We can still see these and "secondary victims" (the people being
attacked by the attacked server returning the echo) in the wild.
That's the simplest way of explaining this, and that is still a risk.
The amplification effect is what makes this especially dangerous.
Gadi.
More information about the dns-operations
mailing list