[dns-operations] DNS deluge for x.p.ctrc.cc

Gadi Evron ge at linuxbox.org
Tue Feb 28 21:50:05 UTC 2006

Geo. wrote:
>>If you don't own the machines attacking, and you send one packet from
>>each machine every 3 seconds...
> Ok, so you have a botnet. The machines in this botnet are behind a firewall
> and using irc to connect into your botnet, they use their local DNS servers
> so the spoofed queries are being sent to their local network behind their
> firewall.

This attack is coming from a botnet too, as far as I know..

> The firewall has to allow the recursive dns server to talk to the outside
> world so what is the firewall rule that is going to stop this attack from
> being possible?

Who said I'll use my DNS server? :)

> I mean it seems the firewall that prevents spoofed recursion has to be
> between the recursive dns server and its local clients. Who has a setup
> like that?

I honestly don't understand..

Do you mean that spoofing doesn't work anymore, or that everyone 
prevents spoofing, or..?

