[dns-operations] First experiments with DNS dampening to fight amplification attacks

Dan Luedtke mail at danrl.de
Tue Oct 2 10:11:48 UTC 2012


Hi everyone,

On Mon, 2012-10-01 at 17:24 +0000, Vernon Schryver wrote:
> After you have rate limiting, why bother with the costs of the
> synthetic CNAMES?
What I suggested was a method for legitimate clients to remove
themselves from the rate-limiting blacklist.
They get onto the list when an attacker sends spoofed queries using the
legitimate client's (e.g. a resolving DNS server of an ISP) IP address
as source address. Thus an attacker could "disable" zones for specific
ISPs by attacking the rate-limiting authoritative name server of the
zone.

Despite my suggestion earlier in this thread, I agree with Paul when it
comes to handing out data that are obviously not zone data. Cookies seem
more appropriate now.


Best regards

Dan

-- 
Dan Luedtke
http://www.danrl.de
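The blacklist-poisoning problem Dan describes, as an added toy model (this is not code from the original post or from any server implementation). A per-source rate limiter blocks whichever address exceeds the threshold, so an attacker spoofing the ISP resolver's address gets that resolver locked out of the zone. The "cookie" branch is a simplified sketch along the lines of DNS cookies: the server hands out an HMAC bound to the client's address, and a client that echoes it has proven it really receives responses there, so its queries bypass the limit. The addresses, thresholds, cookie format and secret are all constructed for the example.

```python
import hashlib
import hmac

# Thresholds are constructed for the example, not taken from any real server.
LIMIT = 5       # queries per source per window before responses are dropped
WINDOW = 1.0    # window length in seconds

VICTIM = "192.0.2.53"   # the ISP resolver whose address the attacker spoofs (TEST-NET-1)


class RateLimitedAuth:
    """Authoritative server that rate-limits per source address and exempts
    clients presenting a valid cookie (simplified, hypothetical cookie scheme)."""

    def __init__(self, secret=b"constructed-example-secret"):
        self.secret = secret
        self.windows = {}   # src -> (window_start, query_count)

    def server_cookie(self, src, client_cookie):
        # Bound to the client's address: only a host that actually receives
        # responses at `src` ever learns this value, so a spoofer cannot present it.
        msg = src.encode() + client_cookie
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:8]

    def handle(self, now, src, client_cookie=None, server_cookie=None):
        """Process one query. Returns (action, server_cookie_to_send)."""
        expected = None
        if client_cookie is not None:
            expected = self.server_cookie(src, client_cookie)
            if server_cookie is not None and hmac.compare_digest(server_cookie, expected):
                # Valid cookie: two-way reachability proven, query is not rate-limited.
                return "answer", expected
        start, count = self.windows.get(src, (now, 0))
        if now - start >= WINDOW:
            start, count = now, 0          # new window: the blacklist entry expires
        count += 1
        self.windows[src] = (start, count)
        if count > LIMIT:
            return "drop", None            # src is on the rate-limit blacklist this window
        return "answer", expected          # answered; a cookie-aware client learns expected


def spoofed_flood(srv, now, **cookies):
    """Attacker sends many queries carrying VICTIM as the forged source address."""
    for _ in range(LIMIT * 4):
        srv.handle(now, VICTIM, **cookies)


def attack_without_cookies():
    """Plain rate limiting: the spoofed flood locks the real resolver out."""
    srv = RateLimitedAuth()
    spoofed_flood(srv, 0.0)
    action, _ = srv.handle(0.5, VICTIM)           # the real resolver, same window
    return action                                 # "drop"


def legitimate_client_with_cookie():
    """The real resolver obtained its cookie earlier and is not affected by the flood."""
    srv = RateLimitedAuth()
    cc = b"\x11" * 8
    _, sc = srv.handle(0.0, VICTIM, client_cookie=cc)   # learns its server cookie
    spoofed_flood(srv, 0.1)                              # attacker does not know sc
    action, _ = srv.handle(0.5, VICTIM, client_cookie=cc, server_cookie=sc)
    return action                                        # "answer"


def attacker_guessing_cookie():
    """A forged cookie does not pass the HMAC check, so the flood is still limited."""
    srv = RateLimitedAuth()
    cc = b"\x22" * 8
    bogus = b"\x00" * 8
    spoofed_flood(srv, 0.0, client_cookie=cc, server_cookie=bogus)
    action, _ = srv.handle(0.5, VICTIM, client_cookie=cc, server_cookie=bogus)
    return action                                        # "drop"


def after_window_expires():
    """Once the window rolls over the blacklisted source is answered again."""
    srv = RateLimitedAuth()
    spoofed_flood(srv, 0.0)
    action, _ = srv.handle(0.0 + WINDOW + 0.5, VICTIM)
    return action                                        # "answer"


if __name__ == "__main__":
    print("no cookies, during flood:   ", attack_without_cookies())
    print("valid cookie, during flood: ", legitimate_client_with_cookie())
    print("forged cookie, during flood:", attacker_guessing_cookie())
    print("no cookies, next window:    ", after_window_expires())
```

The point of the model is the asymmetry in the last two functions: the attacker can forge a source address but cannot forge a value derived from a server secret and that address, so the exemption only ever benefits hosts that genuinely receive the server's responses. This is a sketch for illustration; a real cookie mechanism also has to handle secret rollover and cookie expiry, which the model omits.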



