[dns-operations] DNS deluge for x.p.ctrc.cc

Doug Barton dougb at dougbarton.us
Mon Feb 27 19:28:52 UTC 2006


Rob Thomas wrote:

> These attacks have reached 8Gbps at times, and that sort of figure
> does raise eyebrows.  Perhaps we can capitalize on that and gain some
> attention to both the problems of DNS amplification attacks (yes, UDP
> can be abused in many ways, but not all UDP services offer a 1:73
> return on investment) and BCP38.
> 
> Thoughts?

I support the idea of notifying the amplification points. As you and Rodney
have pointed out, the messages get at least some positive response, and on
an objective level, it seems to be the "Right Thing" to do.

On another level, I think that there is a marked difference between this
issue and *gress filtering. As Rodney pointed out, there is a real, economic
incentive for most sites to fix this problem once they've been used as an
amplifier (particularly given that it's outbound bandwidth that will be
saved if they fix their problems). OTOH, as has been discussed to death on
NANOG (and I really don't want to reopen here), most people who are in a
position to do *gress filtering not only have no economic incentive to do
so, they frequently have one (or more) to not do so.

I also agree with Joe and others that fixing the amplifiers may only be a
part of the solution. However, it's a good step to take, and will have other
tangible benefits. Let me know if there is anything I can do to help.

Doug

-- 
    If you're never wrong, you're not trying hard enough


