[dns-operations] DNS Attack over UDP fragmentation

Jim Reid jim at rfc1035.com
Wed Sep 4 14:50:12 UTC 2013

On 4 Sep 2013, at 15:40, Ondřej Surý <ondrej.sury at nic.cz> wrote:

>> Check also ICMP "packet too big" coming in with ridiculous sizes, they
>> might be the sign that someone is trying the Shulman attack.
> True, but again, that might work for us, but not for average DNS operator.

Indeed. But who is more likely to be the target of this type of attack Ondřej, a TLD with decent DNS infrastructure or the name server for jimswebsite.com? AFAIK the average DNS operator was not targeted for the 9K ANY attacks. At least not yet.

More information about the dns-operations mailing list