[dns-operations] DNS deluge for x.p.ctrc.cc
Roland Dobbins
rdobbins at cisco.com
Sun Feb 26 23:41:51 UTC 2006
I wasn't talking about just smurf-like with that type of
amplification effect, nor just tricks like asking for 4K TXT records,
etc.; rather, some interesting logical relationships that Dan and
Mike have uncovered between some open recursive nameservers and
heretofore unknown resolvers of one flavor or another.

Once Dan's ShmooCon preso is made available, this will become more
clear.

On Feb 26, 2006, at 3:20 PM, Gadi Evron wrote:
> Roland Dobbins wrote:
>> I'm waiting for the latest iteration of Dan's talk he gave at
>> ShmooCon this past January to be posted online, he gives lots of
>> numbers and examples, including odd 'hidden' relationships
>> between DNS servers, amplification effects of 1000:1, etc.
>
> It should be noted that these attacks are not *just* smurf-like
> with an amplification effect. Rather, the attack can be compared on
> a lower level to a simple ICMP DDoS attack from spoofed addresses
> where an echo is returned to the address which was spoofed.
>
> We can still see these and "secondary victims" (the people being
> attacked by the attacked server returning the echo) in the wild.
>
> That's the simplest way of explaining this, and that is still a
> risk. The amplification effect is what makes this especially
> dangerous.
>
> Gadi.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck