[dns-operations] DNS deluge for x.p.ctrc.cc
paul at vix.com
Tue Feb 28 02:04:06 UTC 2006
# ... If open resolvers are all taken off the net whats to stop the botnets
# from sending enough queries to the root servers with spoofed sources to
# accomplish the same goal? Sure it takes more packets but ...
any time we can make more work for the attackers, we help ourselves. there
is no FUSSP (see http://www.rhyolite.com/anti-spam/you-might-be.html for more)
and we're just going to have to play out-innovate with the bad guys, for all
time. any time we find an abusable service that's not actually necessary in
its abusable form (like fingerd/finger forwarding, or open mail relays, or
lpd/lpr forwarding, or whois forwarding, or trivial-to-guess passwords that
never expire) we have to treat it as a good-guy-innovates opportunity, even
if the result is an internet with less feel-good-itude than we came here for
or than some of us remember from the internet's relative youth.
# Why bother testing if its recursive if either way its going to send packets
# back to a victim? Sure its a smaller payload but its still an attack vector.
it's more packets for them. more work. more detectability. more cost for
the fence-sitting middlemen who sit on the beneficial side of the assymetric
cost:benefit relationship that enables most of these attacks to succeed more
More information about the dns-operations