[dns-operations] DNS reflection useful without amplification?
Phil Regnauld
regnauld at nsrc.org
Thu Sep 8 08:48:03 UTC 2016
Paul Vixie (paul) writes:
>
>
> Damian Menscher wrote:
> >> ...
> >As I said earlier in this thread, reflection without amplification is
> >nearly indistinguishable from a direct (spoofed) attack. ...
>
> and as i, and roland, and others have all said, the distinction is more
> notable in our experience than in your claim.
Lots more work tracking down the source, especially if the initiator
is using multiple reflectors for diversity. Instead of a single
backtrack, it could be 5-10. Knock down one, 9 to go :(
> when calling NOC's looking for bumps in traffic graphs that might only match
> to one or two sigmas, a reflected attack is in practical terms untraceable.
It is indeed a pain.
More information about the dns-operations
mailing list