[dns-operations] DNS deluge for x.p.ctrc.cc

Rob Thomas robt at cymru.com
Mon Feb 27 19:10:48 UTC 2006


Hi, team.

] The problem lies in UDP spoofing not the DNS protocol itself.

Agreed, but is mitigation of either mutually exclusive?  Can we craft
a message and a feed that helps folks to address both?

These attacks have reached 8Gbps at times, and that sort of figure
does raise eyebrows.  Perhaps we can capitalize on that and gain some
attention to both the problems of DNS amplification attacks (yes, UDP
can be abused in many ways, but not all UDP services offer a 1:73
return on investment) and BCP38.

Thoughts?

Thanks,
Rob.
-- 
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);




More information about the dns-operations mailing list