[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?
Lutz Donnerhacke
lutz at iks-jena.de
Thu Sep 27 22:08:44 UTC 2012
* Stephane Bortzmeyer wrote:
> For instance, I'm a big fan of rate-limiting ANY requests because it
> works fine *today* in *some* attacks but I would never say it is *the*
> solution to DNS-based DoS attacks. It is just a tool among others.
I collected a few statistics. It's far from complete nor perfectly designed,
but it covered my ass. Right now. This week.
http://lutz.donnerhacke.de/eng/Blog/First-results-from-DNS-Dampening
One observation I'm not sure about is: Attacker query rate seems to drop by
half about two to tree weeks after rate limiting or three days after
dampening. To verify the alternatives, I had to relist my server on the
scriptkiddies pastbin. But I does not know the URL nor I'm willing to do so.
More information about the dns-operations
mailing list