[dns-operations] DNS Attack over UDP fragmentation
fergie at people.ops-trust.net
Thu Sep 5 10:06:10 UTC 2013
On 9/4/2013 7:57 AM, Ondřej Surý wrote:
>> Check also ICMP "packet too big" coming in with ridiculous sizes, they
>> might be the sign that someone is trying the Shulman attack.
> JFTR It's one ICMP packet per the fragmentation cache timeout and the unique destination IP.
> I wish we had found out some way to enforce BCP38 before spoofing became a problem:(
Believe me, no one wishes that more than do I. :-/
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID --> "Connect and Collaborate" --> www.internetidentity.com
More information about the dns-operations