[dns-operations] Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Wed Jun 22 07:17:06 UTC 2011
On Jun 22, 2011, at 3:08 AM, Stephane Bortzmeyer wrote:
> Any public numbers about the relative importance of "DNSSEC query on a signed domain" vs. "a big TXT", in amplification attacks?
I don't have a validated set of stats, but have run into this anecdotally in the wild, with ~1.3KB DNSSEC responses as the blunt instrument.
> When you say "DNSSEC deployment has made it far easier", do you refer to a theoretical analysis or to a real phenomenon seen in the wild?
I've run into it in the wild - it's mentioned on p. 54 of the Arbor 2010 WISR:
-----
Sixty-nine percent of respondents indicated they do not believe that drastically increased DNS response sizes would present a new and even more easily abused vector for DNS reflection/amplification attacks (Figure 91). Interestingly, just after this report’s survey was completed and opened for respondents to participate, Arbor observed several instances of DNSSEC-enabled reflection/amplification attacks taking place in several geographies simultaneously.
-----
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde