[dns-operations] DNS deluge for x.p.ctrc.cc

Geo. georger at nls.net
Tue Feb 28 14:40:02 UTC 2006


> If you don't own the machines attacking, and you send one packet from
> each machine every 3 seconds...

Ok, so you have a botnet. The machines in this botnet are behind a firewall
and using IRC to connect into your botnet. They use their local DNS servers,
so the spoofed queries are being sent to their local network behind their
firewall.

The firewall has to allow the recursive DNS server to talk to the outside
world, so what is the firewall rule that is going to stop this attack from
being possible?

I mean, it seems the firewall that prevents spoofed recursion has to be
between the recursive DNS server and its local clients. Who has a setup
like that?

Geo.



