[dns-operations] about DNS attack
hua peng
huapeng at arcor.de
Sat May 31 14:04:07 UTC 2014
Thanks. This sounds more reasonable to me.
> Attacks of that size are starting to become commonplace via
> amplification as Roland mentions. Your routers can filter them
> (assuming sufficient peering capacity) by rate limiting packets that are
> likely participating in such an attack (easy to distinguish by
> source-port and size).
>
> There are also occasional direct (not amplified) attacks of that scale.
> You can absorb them by using anycast to prevent the attack from
> overwhelming any single datacenter, then running a pool of machines in
> each location to handle local load. Most attacks of that scale are
> using large packets, so the query rate is not as high as you might think
> (but it can still be quite high!).
>
> Attacks at this scale are beyond the capabilities of most organizations,
> so you should always do your part to identify and dismantle the botnet
> infrastructure when possible. Collecting a list of participating IPs
> and notifying their abuse contacts helps.
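
The filtering idea quoted above, as an added sketch that is not part of the original post: rate-limit only packets matching the amplification traits (source port and size) and tally the sources of dropped packets for abuse reporting. The port and size thresholds, the token-bucket parameters and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds, not from the thread: reflected DNS answers arrive from
# UDP source port 53 and are much larger than ordinary queries. Tune per network.
AMP_SRC_PORT = 53
AMP_MIN_BYTES = 512

class TokenBucket:
    """Allows `rate` packets per second on average, with bursts up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def is_suspect(pkt):
    """Match on the two traits named in the thread: source port and size."""
    return (pkt["proto"] == "udp" and pkt["sport"] == AMP_SRC_PORT
            and pkt["size"] >= AMP_MIN_BYTES)

def filter_packets(packets, rate=2.0, burst=2.0):
    """Rate-limit only suspect packets; tally sources of dropped ones."""
    bucket = TokenBucket(rate, burst)
    passed, dropped_sources = [], Counter()
    for pkt in packets:
        if is_suspect(pkt) and not bucket.allow(pkt["ts"]):
            dropped_sources[pkt["src"]] += 1   # candidate for an abuse report
        else:
            passed.append(pkt)
    return passed, dropped_sources

# Constructed sample traffic (documentation address ranges), not real capture data.
_ROWS = [(0.00, "192.0.2.10", 53, 3000), (0.01, "192.0.2.11", 53, 2900),
         (0.02, "192.0.2.10", 53, 3000), (0.03, "198.51.100.7", 40000, 70),
         (0.04, "192.0.2.12", 53, 3100), (0.05, "192.0.2.10", 53, 3000),
         (0.06, "203.0.113.5", 53, 120), (1.00, "192.0.2.11", 53, 2900)]
SAMPLE = [dict(ts=t, src=s, sport=p, size=n, proto="udp") for t, s, p, n in _ROWS]

if __name__ == "__main__":
    passed, dropped = filter_packets(SAMPLE)
    print(len(passed), "passed;", dict(dropped))
```

Small answers from port 53 and ordinary queries bypass the limiter entirely, so only traffic matching both traits competes for the bucket.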