[dns-operations] about DNS attack

hua peng huapeng at arcor.de
Sat May 31 14:04:07 UTC 2014

Thanks. This sounds more reasonalbe to me.

> Attacks of that size are starting to become commonplace via
> amplification as Roland mentions.  Your routers can filter them
> (assuming sufficient peering capacity) by rate limiting packets that are
> likely participating in such an attack (easy to distinguish by
> source-port and size).
> There are also occasional direct (not amplified) attacks of that scale.
>   You can absorb them by using anycast to prevent the attack from
> overwhelming any single datacenter, then running a pool of machines in
> each location to handle local load.  Most attacks of that scale are
> using large packets, so the query rate is not as high as you might think
> (but it can still be quite high!).
> Attacks at this scale are beyond the capabilities of most organizations,
> so you should always do your part to identify and dismantle the botnet
> infrastructure when possible.  Collecting a list of participating IPs
> and notifying their abuse contacts helps.

More information about the dns-operations mailing list