[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Mon Feb 27 07:04:57 UTC 2006


Paul Vixie wrote:
> # What other applications using larger packets would it break?
> 
> responses containing AAAA RR's are one example.  RFC 2671 was not written
> pointlessly, or at least i hope (as its author) that it wasn't pointless.
> 
> # How large would the packets for these applications be? Surely if they 
> # are, say, 1024, it's better than 4 K's.  :)
> 
> as others here have also pointed out, the attack does not depend on 4K or
> even 1K... if an attacker gets a smaller amplification factor from the open
> recursive dns servers, they can ramp up the number of flows until the victim
> is seeing the right number of gigabits per second.  any remediation method
> related to 4KB or 1500B or 1KB or fragmentation or EDNS is just a band-aid.

Okay, and do we have any other solution than a band-aid?


