[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Mon Feb 27 21:25:35 UTC 2006


Sam Norris wrote:
> Isn't this an issue even if the DNS server isn't an open-recursive but 
> simply listens on port 53?  Sending a packet with a spoofed source is a 
> problem for ANY UDP service.  If open resolvers are all taken off the net, 
> what's to stop the botnets from sending enough queries to the root servers 
> with spoofed sources to accomplish the same goal?  Sure it takes more 
> packets but ...
> 
> Why bother testing if it's recursive if either way it's going to send packets 
> back to a victim?  Sure it's a smaller payload but it's still an attack 
> vector.

A guy, back in the late '90s, on IRC:
"So what if that one is just 11! I figure if I send one packet and 11 go 
out, that's pretty cool!"

It means that by attacking, you are also caused to attack yourself and 
others.

Think, hypothetically, the "Trojan horse defense" may be applicable if 
some big service provider sues another?
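The reflection pattern the thread describes (a spoofed-source query arrives at a resolver, the much larger response goes to the victim) leaves a recognisable trace in the resolver's own query log. The following detector is an added illustration written for this page, not code from the mailing list or from any of its posters; the log records, the IP addresses, the names and the thresholds are all constructed, and the `amplification_factor` / `flag_reflection` helpers are hypothetical names chosen here.

```python
"""Spot DNS reflection/amplification patterns in resolver query logs.

Defender-side heuristic, added as an illustration (not the mailing list's
own code). Each record is one query/response pair as a resolver would log
it: (client_ip, qname, qtype, query_bytes, response_bytes). In a reflection
attack the client_ip is the spoofed victim, so one address "asks" for the
same large answer over and over and gets every response.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Record(NamedTuple):
    client_ip: str
    qname: str
    qtype: str
    query_bytes: int
    response_bytes: int


# Constructed sample (not real traffic): a few ordinary lookups plus a burst
# of ANY queries for one name, all apparently from 198.51.100.7 (the victim).
SAMPLE_LOG: List[Record] = [
    Record("192.0.2.10", "www.example.test", "A", 60, 110),
    Record("192.0.2.11", "mail.example.test", "MX", 62, 150),
    Record("192.0.2.10", "example.test", "AAAA", 58, 120),
] + [Record("198.51.100.7", "big.example.test", "ANY", 64, 3100) for _ in range(40)]


def amplification_factor(query_bytes: int, response_bytes: int) -> float:
    """Bytes delivered to the (possibly spoofed) source per byte sent to us."""
    return response_bytes / query_bytes


def summarize_by_client(records: List[Record]) -> Dict[str, dict]:
    """Aggregate per client IP: query count, bytes in/out, distinct names."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0, "names": set()}
    )
    for rec in records:
        s = summary[rec.client_ip]
        s["queries"] += 1
        s["bytes_in"] += rec.query_bytes
        s["bytes_out"] += rec.response_bytes
        s["names"].add(rec.qname)
    return dict(summary)


def flag_reflection(records: List[Record], min_queries: int = 20,
                    min_factor: float = 10.0, max_names: int = 3) -> List[str]:
    """Return client IPs that look like reflection victims.

    Criteria (constructed thresholds): a burst of at least min_queries,
    an aggregate response/query byte ratio of at least min_factor, and
    very few distinct names (a real stub resolver asks for many).
    """
    flagged = []
    for ip, s in summarize_by_client(records).items():
        factor = amplification_factor(s["bytes_in"], s["bytes_out"])
        if (s["queries"] >= min_queries and factor >= min_factor
                and len(s["names"]) <= max_names):
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip in flag_reflection(SAMPLE_LOG):
        s = summarize_by_client(SAMPLE_LOG)[ip]
        print(f"{ip}: {s['queries']} queries, "
              f"x{amplification_factor(s['bytes_in'], s['bytes_out']):.1f} amplification")
```

The ratio is what the IRC quote ("send one packet and 11 go out") is measuring; a flagged client is someone to rate-limit responses toward, not someone to block as an attacker, because the address is the victim's. The heuristic only works at the resolver that is being abused; the thread's broader point, that any UDP listener reflects spoofed packets, is why response rate limiting and source-address validation at the network edge (BCP 38) matter regardless of whether a server recurses.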
