[dns-operations] DNS deluge for x.p.ctrc.cc
Gadi Evron
ge at linuxbox.org
Tue Feb 28 21:50:05 UTC 2006
Geo. wrote:
>>If you don't own the machines attacking, and you send one packet from
>>each machine every 3 seconds...
>
>
> Ok, so you have a botnet. The machines in this botnet are behind a firewall
> and using irc to connect into your botnet, they use their local DNS servers
> so the spoofed queries are being sent to their local network behind their
> firewall.
This attack is coming from a botnet too, as far as I know..
> The firewall has to allow the recursive dns server to talk to the outside
> world so what is the firewall rule that is going to stop this attack from
> being possible?
Who said I'll use my DNS server? :)
> I mean it seems the firewall that prevents spoofed recursion has to be
> between the recursive dns server and its local clients. Who has a setup
> like that?
I honestly don't understand..
Do you mean that spoofing doesn't work anymore, or that everyone
prevents spoofing, or..?