[dns-operations] DNS deluge for x.p.ctrc.cc

Roland Dobbins rdobbins at cisco.com
Mon Feb 27 19:28:52 UTC 2006


Agreed, this goes beyond spoofing (even though that's the greatest
source of pain in the context of these particular attacks) - there are
quite a few unanticipated consequences of various design choices
in the DNS which these classes of attacks have brought to the
forefront.  Does anyone know of an attack-tree which has been done
for the DNS?


On Feb 27, 2006, at 11:10 AM, Rob Thomas wrote:

> Hi, team.
>
> ] The problem lies in UDP spoofing not the DNS protocol itself.
>
> Agreed, but is mitigation of either mutually exclusive?  Can we craft
> a message and a feed that helps folks to address both?
>
> These attacks have reached 8Gbps at times, and that sort of figure
> does raise eyebrows.  Perhaps we can capitalize on that and gain some
> attention to both the problems of DNS amplification attacks (yes, UDP
> can be abused in many ways, but not all UDP services offer a 1:73
> return on investment) and BCP38.
>
> Thoughts?
>
> Thanks,
> Rob.
> -- 
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

      Everything has been said.  But nobody listens.

                    -- Roger Shattuck



