[dns-operations] Effectivity of filter lists against DNS amplification attacks

Daniel Stirnimann daniel.stirnimann at switch.ch
Fri Aug 17 10:22:30 UTC 2012

Hi Klaus

On one of our name server which is secondary for a little over one
thousand second level domains has been abused for DNS Amplification
Attacks since November 2011.

There has not been a single week without such traffic. So, it is not
decreasing at all. Since May 2012 we are rate-limiting outgoing ANY
queries but this has not resulted in a decrease of such traffic.

The most common DNS Amplification Attack traffic we are seeing is what
is described in this ISC Diary post:


On 17.08.12 10:03, Klaus Darilion wrote:
> Hi!
> Lately, there was much discussion and examples on how to block the DNS 
> requests of DNS Amplification Attacks. Such filters prevent the name 
> server seeing the request, thus of course massively reducing the 
> outgoing traffic. But such filters can not reduce the incoming traffic - 
> the attacker will still send the DNS requests.
> Thus, I would be interested in the results of such filters. Do you see, 
> maybe not in short-term but in long-term, that the incoming attack 
> traffic also decreases?
> Thanks
> Klaus
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

More information about the dns-operations mailing list