[dns-operations] Blocking DNS clients without authentifying them (Was: New subscribers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jan 18 22:08:04 UTC 2011
On Tue, Jan 18, 2011 at 10:48:32AM -0700,
Jeff Taylor <shdwdrgn at sourpuss.net> wrote
a message of 33 lines which said:
> I still don't really understand the purpose of this attack. Are
> they trying to ddos isc.org? Surely they're not trying to shut down
> my server? Either way, it seems like a losing battle on their part.
I think they attack neither isc.org nor you but a third-party. isc.org
is large (3972 bytes for a ANY request with DNSSEC) and therefore can
be used for attacks with amplification, with your server as a relay.
I don't think it is the most clever attack existing, but the idea of
using isc.org probably comes from a recent talk "DNS security for
dummies", where this domain was mentioned, so it can be the work of a
beginner.
More information about the dns-operations
mailing list