[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Mon Feb 27 21:56:31 UTC 2006

Joe Greco wrote:
>>Geo. wrote:
>>>>Both George and Joe are right. It is a problem. Still, solving one and
>>>>leaving another untended just because one was used as the attack vector
>>>>is silly. Are we to forever leave problem unattended?
>>>I'm unclear on what you are suggesting. What problem is left unattended with
>>>DNS if you cannot spoof UDP packets?
>>Recursive servers. There is no reason why this can't be abused in other 
>>means. ping -f was pretty interesting in the day.
>>If we stop being mathematicians for a second trying to understand how 
>>everything works and making it work better, and be physicists and throw 
>>more computing power at it (a bigger botnet) one can potentially, using 
>>this or some other means, cause some pretty serious damage.
>>Spoofing just makes this attack "pretty" and a whole lot more efficient.
> Gadi,
> If you cannot spoof, then when you request a record for x.p.ctrc.cc and
> it returns a 4000 byte record, it's returning it to you.
> Now, explain what the problem with that is.

If you don't own the machines attacking, and you send one packet from 
each machine every 3 seconds...

"It's simple, numbers -- they have more"

How big of a botnet are you going to need?

More information about the dns-operations mailing list