[dns-operations] Blocking DNS clients without authentifying them (Was: New subscribers

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Jan 18 22:08:04 UTC 2011


On Tue, Jan 18, 2011 at 10:48:32AM -0700,
 Jeff Taylor <shdwdrgn at sourpuss.net> wrote 
 a message of 33 lines which said:

> I still don't really understand the purpose of this attack.  Are
> they trying to ddos isc.org?  Surely they're not trying to shut down
> my server?  Either way, it seems like a losing battle on their part.

I think they attack neither isc.org nor you but a third party. isc.org
is large (3972 bytes for an ANY request with DNSSEC) and therefore can
be used for attacks with amplification, with your server as a relay.

I don't think it is the most clever attack existing, but the idea of
using isc.org probably comes from a recent talk "DNS security for
dummies", where this domain was mentioned, so it can be the work of a
beginner.
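
An added example, not part of the original message: a check a resolver operator can run over query logs to spot the relay pattern described above, where one source address (the spoofed victim) sends repeated ANY queries for a large zone. The BIND-style log format, the sample lines, the threshold and the function names are assumptions; the 3972-byte response size is the figure quoted in the message.

```python
import re
from collections import defaultdict

# Constructed BIND-style query log lines (documentation addresses only).
SAMPLE_LOG = """\
18-Jan-2011 10:48:31.101 client 203.0.113.7#31337: query: isc.org IN ANY +ED (192.0.2.53)
18-Jan-2011 10:48:31.140 client 203.0.113.7#31337: query: isc.org IN ANY +ED (192.0.2.53)
18-Jan-2011 10:48:31.190 client 198.51.100.20#50211: query: www.example.com IN A + (192.0.2.53)
18-Jan-2011 10:48:31.230 client 203.0.113.7#31337: query: ISC.ORG IN ANY +ED (192.0.2.53)
18-Jan-2011 10:48:31.310 client 198.51.100.20#50212: query: isc.org IN ANY +E (192.0.2.53)
18-Jan-2011 10:48:31.350 client 203.0.113.7#31337: query: isc.org. IN ANY +ED (192.0.2.53)
"""

# Assumed log layout: "client [@0x...] ADDR#PORT [(name)]: query: QNAME IN QTYPE ..."
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \(\S+\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def any_query_counts(log_text):
    """Count ANY queries per (source address, normalised query name)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("qtype").upper() == "ANY":
            qname = m.group("qname").lower().rstrip(".")
            counts[(m.group("ip"), qname)] += 1
    return dict(counts)

def suspected_reflection(log_text, min_queries=3, response_bytes=3972):
    """List sources whose repeated ANY queries suggest a spoofed victim.

    response_bytes is the size of one answer (3972 is the isc.org figure
    from the message); min_queries is an assumed alerting threshold.
    """
    findings = []
    for (ip, qname), n in sorted(any_query_counts(log_text).items()):
        if n >= min_queries:
            findings.append({
                "source": ip,
                "qname": qname,
                "queries": n,
                "bytes_sent_to_source": n * response_bytes,
            })
    return findings

if __name__ == "__main__":
    for f in suspected_reflection(SAMPLE_LOG):
        print(f)
```

Sources flagged this way are candidates for rate limiting or an ACL on the resolver; the address itself belongs to the victim, not to whoever sent the packets.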



