[dns-operations] DNS deluge for x.p.ctrc.cc
Gadi Evron
ge at linuxbox.org
Mon Feb 27 21:56:31 UTC 2006
Joe Greco wrote:
>>Geo. wrote:
>>
>>>>Both George and Joe are right. It is a problem. Still, solving one and
>>>>leaving another untended just because one was used as the attack vector
>>>>is silly. Are we to forever leave a problem unattended?
>>>
>>>Gadi,
>>>
>>>I'm unclear on what you are suggesting. What problem is left unattended with
>>>DNS if you cannot spoof UDP packets?
>>
>>Recursive servers. There is no reason why this can't be abused by other
>>means. ping -f was pretty interesting in the day.
>>
>>No?
>>
>>If we stop being mathematicians for a second trying to understand how
>>everything works and making it work better, and be physicists and throw
>>more computing power at it (a bigger botnet) one can potentially, using
>>this or some other means, cause some pretty serious damage.
>>
>>Spoofing just makes this attack "pretty" and a whole lot more efficient.
>
>
> Gadi,
>
> If you cannot spoof, then when you request a record for x.p.ctrc.cc and
> it returns a 4000 byte record, it's returning it to you.
>
> Now, explain what the problem with that is.

If you don't own the machines attacking, and you send one packet from
each machine every 3 seconds...

"It's simple, numbers -- they have more"

How big of a botnet are you going to need?