[dns-operations] DNS deluge for x.p.ctrc.cc
Joe Greco
jgreco at ns.sol.net
Mon Feb 27 20:07:00 UTC 2006
> Isn't this an issue even if the dns server isn't an open-recursive but
> simply listens on port 53? Sending a packet with a spoofed source is a
> problem for ANY udp service. If open resolvers are all taken off the net
> what's to stop the botnets from sending enough queries to the root servers
> with spoofed sources to accomplish the same goal? Sure it takes more
> packets but ...
>
> Why bother testing if it's recursive if either way it's going to send packets
> back to a victim? Sure it's a smaller payload but it's still an attack
> vector.
Yeah, a 17-byte request to f-root results in a 493-byte reply.
It's looking to me more and more like the recurser issue is mainly a
mild matter of severity.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
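The thread's point is that any DNS server answering over UDP, recursive or not, returns a reply much larger than the spoofed query that triggered it (17 bytes in, 493 bytes out for f-root, a factor of 29). The usual defence on the authoritative side is response rate limiting: cap how many identical answers per second go back to one client network, and answer the excess with a truncated reply (TC=1) so a real client retries over TCP while a spoofed victim receives only a small packet. The following is an added illustration, not code from this thread or from any DNS server; the per-prefix budget, the slip ratio, the one-second window and the 40-byte truncated-reply size are assumptions, and the query flood it runs against is constructed.

```python
"""Simplified per-prefix response rate limiting (RRL) for an authoritative
DNS server.  Added example; the parameters below are assumptions, and the
flood at the bottom is constructed test data."""
from collections import defaultdict
from ipaddress import ip_network

QUERY_BYTES = 17        # query size quoted in the thread
REPLY_BYTES = 493       # f-root reply size quoted in the thread
TRUNCATED_BYTES = 40    # assumed size of a minimal TC=1 reply (header + question)


def amplification_factor(query_bytes: int, reply_bytes: int) -> float:
    """Bytes sent to the victim per byte the attacker had to send."""
    return reply_bytes / query_bytes


class ResponseRateLimiter:
    """Counts identical responses per (client prefix, qname, qtype) in a
    one-second window and decides whether to send, truncate or drop."""

    def __init__(self, responses_per_second=5, slip=2, prefix_len=24):
        self.responses_per_second = responses_per_second  # assumed budget
        self.slip = slip            # every `slip`-th excess reply goes out as TC=1
        self.prefix_len = prefix_len
        self._buckets = defaultdict(lambda: [0.0, 0])    # key -> [window_start, count]

    def decide(self, src_ip: str, qname: str, qtype: str, now: float) -> str:
        # Group by client network, since spoofed sources vary within a prefix.
        prefix = ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        key = (prefix, qname.lower(), qtype)
        window_start, count = self._buckets[key]
        if now - window_start >= 1.0:           # new one-second window
            window_start, count = now, 0
        count += 1
        self._buckets[key] = [window_start, count]
        if count <= self.responses_per_second:
            return "send"
        excess = count - self.responses_per_second
        if self.slip and excess % self.slip == 0:
            return "truncate"                   # small TC=1 reply; real clients retry over TCP
        return "drop"                           # nothing reflected toward the spoofed source


def simulate_flood(limiter, sources, qname="x.p.ctrc.cc", qtype="A", now=0.0):
    """Run one second of queries through the limiter.
    Returns (bytes_without_rrl, bytes_with_rrl, decision_counts)."""
    counts = {"send": 0, "truncate": 0, "drop": 0}
    for src in sources:
        counts[limiter.decide(src, qname, qtype, now)] += 1
    with_rrl = counts["send"] * REPLY_BYTES + counts["truncate"] * TRUNCATED_BYTES
    return len(sources) * REPLY_BYTES, with_rrl, counts


# Constructed flood: 100 queries in one second, spoofed sources spread across
# the documentation prefix 192.0.2.0/24 (TEST-NET-1), all asking the same name.
FLOOD_SOURCES = [f"192.0.2.{i % 250 + 1}" for i in range(100)]

if __name__ == "__main__":
    print(f"amplification: {amplification_factor(QUERY_BYTES, REPLY_BYTES):.1f}x")
    limiter = ResponseRateLimiter()
    without, with_rrl, counts = simulate_flood(limiter, FLOOD_SOURCES)
    print(f"bytes toward spoofed prefix: {without} without RRL, {with_rrl} with RRL")
    print(f"decisions: {counts}")
    # A client on a different network is unaffected by the flood's bucket.
    print("unrelated client:", limiter.decide("198.51.100.9", "x.p.ctrc.cc", "A", 0.0))
```

With the assumed budget of 5 answers per second and a slip of 2, the 100-query flood yields 5 full replies, 47 truncated replies and 48 drops, cutting the bytes reflected at the spoofed prefix from 49,300 to 4,345 while a client on another prefix still gets a normal answer. Real RRL implementations also key on the response type (NXDOMAIN, referral, error) and use longer windows and larger budgets; the model keeps only the part that matters to the reflection argument.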