[dns-operations] DNS Attack over UDP fragmentation
Ondřej Surý
ondrej.sury at nic.cz
Wed Sep 4 14:53:51 UTC 2013
> On 4. 9. 2013, at 16:50, Jim Reid <jim at rfc1035.com> wrote:
>
> On 4 Sep 2013, at 15:40, Ondřej Surý <ondrej.sury at nic.cz> wrote:
>
>>> Check also ICMP "packet too big" coming in with ridiculous sizes, they
>>> might be the sign that someone is trying the Shulman attack.
>>
>> True, but again, that might work for us, but not for average DNS operator.
>
> Indeed. But who is more likely to be the target of this type of attack Ondřej, a TLD with decent DNS infrastructure or the name server for jimswebsite.com? AFAIK the average DNS operator was not targeted for the 9K ANY attacks. At least not yet.
Personally I would pick the incumbent ISP and a major banks DNS operators;).
O.
More information about the dns-operations
mailing list