[dns-operations] Effectivity of filter lists against DNS amplification attacks
daniel.stirnimann at switch.ch
Fri Aug 17 10:22:30 UTC 2012
On one of our name server which is secondary for a little over one
thousand second level domains has been abused for DNS Amplification
Attacks since November 2011.
There has not been a single week without such traffic. So, it is not
decreasing at all. Since May 2012 we are rate-limiting outgoing ANY
queries but this has not resulted in a decrease of such traffic.
The most common DNS Amplification Attack traffic we are seeing is what
is described in this ISC Diary post:
On 17.08.12 10:03, Klaus Darilion wrote:
> Lately, there was much discussion and examples on how to block the DNS
> requests of DNS Amplification Attacks. Such filters prevent the name
> server seeing the request, thus of course massively reducing the
> outgoing traffic. But such filters can not reduce the incoming traffic -
> the attacker will still send the DNS requests.
> Thus, I would be interested in the results of such filters. Do you see,
> maybe not in short-term but in long-term, that the incoming attack
> traffic also decreases?
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
More information about the dns-operations