[dns-operations] First experiments with DNS dampening to fight amplification attacks

Michael Hoskins (michoski) michoski at cisco.com
Thu Oct 25 17:08:31 UTC 2012


-----Original Message-----

From: Lutz Donnerhacke <lutz at iks-jena.de>
Organization: IKS Jena, Thüringen Netz, Fitug
Date: Thursday, October 25, 2012 12:43 PM
To: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] First experiments with DNS dampening to
fight amplification attacks

>* Lutz Donnerhacke wrote:
>> If they are optimal or not is still an open question. But the patch is
>> useable now. Far from perfect or finished, but used in practice.
>
>I was able to collect some statistics and keep an eye on the attacks
>itself.
>Interestingly the attackers seem to honor the RRL defaults and apply their
>attacks in a way to render this patch useless.
>
>http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening-under-the-microscope

Great writeup, thanks for sharing...

Seems to show clever hacks can be useful (looks good for roots), but don't
generally work against real hackers who typically read lists (and source
code).  :-)




More information about the dns-operations mailing list