[dns-operations] DNS Attack over UDP fragmentation

Ondřej Surý ondrej.sury at nic.cz
Wed Sep 4 14:57:05 UTC 2013


> Check also ICMP "packet too big" coming in with ridiculous sizes, they
> might be the sign that someone is trying the Shulman attack.

JFTR It's one ICMP packet per the fragmentation cache timeout and the unique destination IP.

I wish we had found out some way to enforce BCP38 before spoofing became a problem :(

O.
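
Added example, not part of the original message: a check for the signal the quoted text mentions, ICMP "packet too big" messages that claim an implausibly small MTU. Since the reply notes that only one such packet is needed per destination, each message is judged on its own rather than by rate. The 576/1280 floors, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed alert floors: 576 is the smallest datagram every IPv4 host must
# accept (RFC 791); 1280 is the minimum IPv6 link MTU (RFC 8200).
FLOOR = {4: 576, 6: 1280}

def parse_ptb(icmp: bytes, version: int):
    """Return (claimed_mtu, embedded_destination) for a 'packet too big'
    message, or None if the bytes are another ICMP type or truncated."""
    if version == 4:
        # ICMPv4 type 3, code 4: 16-bit next-hop MTU at offset 6,
        # then the offending IPv4 header (its destination at +16).
        if len(icmp) < 28 or icmp[0] != 3 or icmp[1] != 4:
            return None
        mtu = struct.unpack("!H", icmp[6:8])[0]
        dst = ipaddress.ip_address(icmp[24:28])
    else:
        # ICMPv6 type 2: 32-bit MTU at offset 4,
        # then the offending IPv6 header (its destination at +24).
        if len(icmp) < 48 or icmp[0] != 2:
            return None
        mtu = struct.unpack("!I", icmp[4:8])[0]
        dst = ipaddress.ip_address(icmp[32:48])
    return mtu, dst

def suspicious(messages):
    """List (destination, mtu) for each message claiming an MTU under the floor."""
    hits = []
    for version, icmp in messages:
        parsed = parse_ptb(icmp, version)
        if parsed and parsed[0] < FLOOR[version]:
            hits.append((str(parsed[1]), parsed[0]))
    return hits

def sample_v4(mtu, dst):
    """Constructed sample: ICMP header (checksum left 0), IPv4 header, 8 UDP bytes."""
    icmp_hdr = struct.pack("!BBHHH", 3, 4, 0, 0, mtu)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 17, 0,
                         ipaddress.ip_address("192.0.2.53").packed,
                         ipaddress.ip_address(dst).packed)
    return icmp_hdr + ip_hdr + bytes(8)

# Constructed input: one plausible MTU, one far below the IPv4 floor.
SAMPLES = [(4, sample_v4(1480, "198.51.100.7")), (4, sample_v4(68, "198.51.100.9"))]

if __name__ == "__main__":
    for dst, mtu in suspicious(SAMPLES):
        print(f"packet-too-big for traffic to {dst} claims MTU {mtu}")
```

The destination reported is the one in the embedded header, that is, the peer whose traffic the receiving host would start fragmenting.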

