[dns-operations] Amplification attack today ?
john at sackheads.org
Wed Feb 28 23:11:50 UTC 2007
On Feb 28, 2007, at 6:07 PM, Michael Monnerie wrote:
> On Wednesday, 28 February 2007 16:23 Rob Thomas wrote:
>> There is an
>> on-going 1.4Gbps DNS amplification attack using 175K open recursive
>> name servers, but it is hitting approximately three targets in the
> Maybe someone should establish an RBL for bad DNS servers, and all
> servers should block DNS queries from them? By this, you will for sure
> get the attraction of that server's admin, and they must fix their
> servers. It's a bit like RBLs for e-mail servers today, admins get to
> fix it quite quickly these days.
Unfortunately... unless the blocking list is at the network level
it's probably several orders of magnitude of extra work _not_ to
service that request than to service it.
In comparison, DNSBLs save mail server resources which is part of the
reason they're so popular.