[dns-operations] DNS deluge for x.p.ctrc.cc
Gadi Evron
ge at linuxbox.org
Mon Feb 27 07:04:57 UTC 2006
Paul Vixie wrote:
> # What other applications using larger packets would it break?
>
> responses containing AAAA RR's are one example. RFC 2671 was not written
> pointlessly, or at least i hope (as its author) that it wasn't pointless.
>
> # How large would the packets for these applications be? Surely if they
> # are, say, 1024, it's better than 4 K's. :)
>
> as others here have also pointed out, the attack does not depend on 4K or
> even 1K... if an attacker gets a smaller amplification factor from the open
> recursive dns servers, they can ramp up the number of flows until the victim
> is seeing the right number of gigabits per second. any remediation method
> related to 4KB or 1500B or 1KB or fragmentation or EDNS is just a band-aid.
Okay, and do we have any other solution than a band-aid?
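To make the quoted point concrete, here is an added example (my own illustration, not code from this thread, from Paul Vixie, or from any project mentioned above). It builds a minimal DNS query carrying an EDNS0 OPT pseudo-RR (RFC 2671), so the advertised UDP payload size is visible on the wire, and then works out how many spoofed query streams an attacker needs to push a given bandwidth at the victim under different response-size caps. The name x.p.ctrc.cc comes from the thread subject; the traffic figures (1 Gbps target, 1000 queries per second per stream) are constructed assumptions, not measurements.

```python
"""
Added example for the dns-operations thread: not the list's or the author's code.
Shows (a) what an EDNS0 query looks like in wire format and (b) why capping the
response size only changes how many flows the attacker has to run.
"""
import math
import struct
from typing import Optional

IPV4_UDP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte UDP header per datagram
QTYPE_ANY = 255
OPT_TYPE = 41            # EDNS0 OPT pseudo-RR type code (RFC 2671)


def build_query(name: str, qtype: int = QTYPE_ANY,
                edns_udp_size: Optional[int] = 4096, txid: int = 0x1234) -> bytes:
    """Return a DNS query in wire format; edns_udp_size=None omits the OPT RR."""
    arcount = 1 if edns_udp_size else 0
    # ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)          # QTYPE, QCLASS=IN
    opt = b""
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP payload size,
        # TTL field = extended RCODE / version / flags (all zero), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return header + question + opt


def amplification(query: bytes, response_len: int) -> float:
    """Bytes returned to the victim per byte the attacker sends (DNS payload only)."""
    return response_len / len(query)


def flows_needed(target_bps: int, response_len: int, per_flow_qps: int) -> int:
    """Spoofed query streams needed so the victim receives target_bps of responses.

    Each stream of per_flow_qps queries yields per_flow_qps responses per second
    at the victim; the attacker compensates for smaller responses with more streams.
    """
    wire_bytes = response_len + IPV4_UDP_OVERHEAD
    return math.ceil(target_bps / 8 / (per_flow_qps * wire_bytes))


def remediation_table(target_bps: int, response_caps, per_flow_qps: int) -> dict:
    """Map each candidate response-size cap to the flow count it would force."""
    return {cap: flows_needed(target_bps, cap, per_flow_qps) for cap in response_caps}


if __name__ == "__main__":
    q = build_query("x.p.ctrc.cc")
    print(f"EDNS0 ANY query: {len(q)} bytes, hex {q.hex()}")
    print(f"amplification with a 4096-byte response: {amplification(q, 4096):.1f}x")
    # Constructed assumptions: 1 Gbps at the victim, 1000 qps per spoofed stream.
    for cap, flows in remediation_table(10**9, (4096, 1500, 1024, 512), 1000).items():
        print(f"response capped at {cap:>4} bytes -> {flows:>4} concurrent flows")
```

The table is the quoted argument in numbers: shrinking the permitted response from 4096 to 512 bytes raises the required flow count by roughly eight times but does not stop the attack, because the open recursive servers still answer spoofed queries at whatever size they are allowed to.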