[dns-operations] Effectivity of filter lists against DNS amplification attacks
Daniel Stirnimann
daniel.stirnimann at switch.ch
Fri Aug 17 10:22:30 UTC 2012
Hi Klaus
One of our name servers, which is secondary for a little over one
thousand second-level domains, has been abused for DNS Amplification
Attacks since November 2011.
There has not been a single week without such traffic. So, it is not
decreasing at all. Since May 2012 we have been rate-limiting outgoing ANY
queries, but this has not resulted in a decrease of such traffic.
The most common DNS Amplification Attack traffic we are seeing is what
is described in this ISC Diary post:
https://isc.sans.edu/diary/DNS+ANY+Request+Cannon+-+Need+More+Packets/13261
Regards,
Daniel
On 17.08.12 10:03, Klaus Darilion wrote:
> Hi!
>
> Lately, there was much discussion and examples on how to block the DNS
> requests of DNS Amplification Attacks. Such filters prevent the name
> server seeing the request, thus of course massively reducing the
> outgoing traffic. But such filters cannot reduce the incoming traffic -
> the attacker will still send the DNS requests.
>
> Thus, I would be interested in the results of such filters. Do you see,
> maybe not in short-term but in long-term, that the incoming attack
> traffic also decreases?
>
> Thanks
> Klaus