[dns-operations] Media coverage of amplification attacks opening pandoras box?

Ameen Pishdadi apishdadi at gmail.com
Sat Mar 25 06:07:16 UTC 2006


So far the only two plausible solutions I have seen proposed are closing the
open recursors and RPF, both of which unfortunately might take ages to
be implemented Internet-wide. It's not like a software bug where a vendor can
send out a patch and people will apply it because they are worried about
getting hacked. I don't know, I'm just kind of annoyed now that we're most
likely going to go from categorizing a 1-2gb/s attack as small and an
8-10gb/s attack as large, and for that to be common. The problem I see lies
with the fact that there is a huge amount of open recursors because of the
whole dedicated server market. The attack from the other day, 200mb/s, came in
from one dedicated server company in Chicago.

One thing we could try is to get cooperation from the control panel software
makers for dedicated servers, like cPanel and Plesk. cPanel does nightly
automatic updates and can easily upload a new named.conf to turn off
recursive queries. cPanel by default installs BIND with open recursiveness;
they could close 100s of thousands of recursive servers with this update.

On 3/24/06, Randy Bush <randy at psg.com> wrote:
>
> > You're right, security through obscurity does not work, and as we all know
> > DNS amplification attacks have been known about for a while. What I'm saying
> > is, is it absolutely necessary to detail the exact method on how to exploit
> > the DNS system to get an 80x amplification?
>
> yes, if we are to develop means to prevent or ameliorate it.
>
>
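
Added example (not part of the original message, and not cPanel's or BIND's own code): a small Python audit that classifies a named.conf by whether recursion is disabled, restricted or open, the condition the message proposes closing via an updated named.conf. The sample configs are constructed, and treating a missing allow-recursion statement as open is an assumption that matches the default install described above; BIND releases may default differently.

```python
import re

# Constructed sample configs (not taken from the original post).
OPEN_CONF = """options {
    directory "/var/named";   // nothing limits recursion
};"""
RESTRICTED_CONF = """acl trusted { 127.0.0.1; 192.0.2.0/24; };
options {
    /* only the listed clients may recurse */
    allow-recursion { trusted; };
};"""
AUTH_ONLY_CONF = "options { recursion no; };"

def strip_comments(text):
    """Remove /* */, // and # comments (does not handle // inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the options { ... } statement, matching nested braces."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return text[m.end():]

def audit_recursion(conf_text):
    """Classify a named.conf as 'disabled', 'restricted' or 'open' for recursion."""
    opts = options_block(strip_comments(conf_text))
    if re.search(r"(?<![-\w])recursion\s+no\s*;", opts):
        return "disabled"
    m = re.search(r"(?<![-\w])allow-recursion\s*\{([^}]*)\}", opts)
    if m is None:
        # Assumption: with no allow-recursion statement, any client may recurse.
        return "open"
    clients = [c.strip() for c in m.group(1).split(";") if c.strip()]
    return "open" if "any" in clients else "restricted"

if __name__ == "__main__":
    for name, conf in [("open", OPEN_CONF), ("restricted", RESTRICTED_CONF),
                       ("auth-only", AUTH_ONLY_CONF)]:
        print(name, "->", audit_recursion(conf))
```

A directive that is only present inside a comment is ignored, so a commented-out "recursion no;" is still reported as open.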