[dns-operations] DNS deluge for x.p.ctrc.cc

Joe Greco jgreco at ns.sol.net
Mon Feb 27 20:07:00 UTC 2006

> Isn't this an issue even if the dns server isn't an open-recursive but 
> simply listens on port 53?  Sending a packet with a spoofed source is a 
> problem for ANY udp service.  If open resolvers are all taken off the net 
> whats to stop the botnets from sending enough queries to the root servers 
> with spoofed sources to accomplish the same goal?  Sure it takes more 
> packets but ...
> Why bother testing if its recursive if either way its going to send packets 
> back to a victim?  Sure its a smaller payload but its still an attack 
> vector.

Yeah, a 17 byte request to f-root results in a 493 byte reply.

It's looking to me more and more like the recurser issue is mainly a 
mild matter of severity.

... JG
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

More information about the dns-operations mailing list