[dns-operations] Recently closed open resolver and reflection attacks
casey at deccio.net
Wed Mar 6 16:48:07 UTC 2013
On Wed, Mar 6, 2013 at 8:36 AM, <WBrown at e1b.org> wrote:
> I recently help close down an open recursive resolver. It is still
> getting a lot of queries for isc.org/ANY which get a refused response
> (unless slipped/dropped by RRL). Granted, this doesn't amplify the attack
> since REFUSED is a fairly small packet, but it is still traffic to the
> attacked site.
Seems like a REFUSED response fits into its own RRL category. Is there any
reason why name servers wouldn't simply drop them if they exceed the
configured RRL threshold--or even perhaps a lower threshold?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations