[dns-operations] responding to spoofed ANY queries
sthaug at nethelp.no
sthaug at nethelp.no
Thu Jan 10 13:10:58 UTC 2013
> > It would be nice if ANY queries just got thrown away. I can live with the
> breakage that causes. YMMV. However if there was something that generally
> blocked or discarded ANY queries, the bad guys would switch to some other
> QTYPE that can't be blocked without causing significant operational
> problems.
> >
> > _______________________________________________
>
> What makes you think they won't? I mean, isn't this a classic mistake of
> cold war defense modelling, that you assume your enemy will use weapons you
> can confidently defend against and ignore the ones you suspect you cannot?
>
> ANY has good amplification. If its not working, they surely will move to
> others. Or both. And if it is working they may move to others anyway.
The bad guys are *already* using other tools than ANY queries - for
instance, I have seen quite a few amplification attacks based on TXT
queries.
There's nothing new under the sun...
Steinar Haug, AS 2116
More information about the dns-operations
mailing list