[dns-operations] DNS deluge for x.p.ctrc.cc
Ondřej Surý
ondrej.sury at nic.cz
Tue Feb 28 08:17:47 UTC 2006
On Mon, 2006-02-27 at 16:05 -0600, Joe Greco wrote:
> > > Gadi,
> > >
> > > If you cannot spoof, then when you request a record for x.p.ctrc.cc and
> > > it returns a 4000 byte record, it's returning it to you.
> > >
> > > Now, explain what the problem with that is.
> >
> > If you don't own the machines attacking, and you send one packet from
> > each machine every 3 seconds...
> >
> > "It's simple, numbers -- they have more"
> >
> > How big of a botnet are you going to need?
>
> You've lost me. Draw a picture or fill in the blanks.
Imagine big ISP with lot of zombies. All those zombies sends query to
recursor => big ISP's router(s) is in trouble.
Sure, it's different type of attack... but still attack.
(At least how I do understand it from Gadi's message).
Ondrej.
--
Ondřej Surý
technický ředitel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Lužná 591, 160 00 Praha 6, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420 222 745 110 fax:+420 220 121 184
-----------------------------------------
More information about the dns-operations
mailing list