[dns-operations] DNS deluge for x.p.ctrc.cc
Roland Dobbins
rdobbins at cisco.com
Mon Feb 27 19:28:52 UTC 2006
Agreed, this goes beyond spoofing (even though that's the greatest
source of pain in the context of these particular attacks) - there're
quite a bit of unanticipated consequences of various design choices
in the DNS which these classes of attacks have brought to the
forefront. Does anyone know of an attack-tree which has been done
for the DNS?
On Feb 27, 2006, at 11:10 AM, Rob Thomas wrote:
> Hi, team.
>
> ] The problem lies in UDP spoofing not the DNS protocol itself.
>
> Agreed, but is mitigation of either mutually exclusive? Can we craft
> a message and a feed that helps folks to address both?
>
> These attacks have reached 8Gbps at times, and that sort of figure
> does raise eyebrows. Perhaps we can capitalize on that and gain some
> attention to both the problems of DNS amplification attacks (yes, UDP
> can be abused in many ways, but not all UDP services offer a 1:73
> return on investment) and BCP38.
>
> Thoughts?
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck
More information about the dns-operations
mailing list