[dns-operations] Amplification attack today ?

John Payne john at sackheads.org
Wed Feb 28 23:11:50 UTC 2007

On Feb 28, 2007, at 6:07 PM, Michael Monnerie wrote:

> On Wednesday, 28 February 2007 16:23 Rob Thomas wrote:
>> There is an
>> on-going 1.4Gbps DNS amplification attack using 175K open recursive
>> name servers, but it is hitting approximately three targets in the
>> US.
> Maybe someone should establish an RBL for bad DNS servers, and all root
> servers should block DNS queries from them? By this, you will for sure
> get the attraction of that server's admin, and they must fix their
> servers. It's a bit like RBLs for e-mail servers today, admins get to
> fix it quite quickly these days.

Unfortunately... unless the blocking list is at the network level  
it's probably several orders of magnitude of extra work _not_ to  
service that request than to service it.

In comparison, DNSBLs save mail server resources, which is part of the
reason they're so popular.

