[dns-operations] DNS reflection useful without amplification?

Phil Regnauld regnauld at nsrc.org
Thu Sep 8 08:48:03 UTC 2016

Paul Vixie (paul) writes:
> Damian Menscher wrote:
> >> ...
> >As I said earlier in this thread, reflection without amplification is
> >nearly indistinguishable from a direct (spoofed) attack.  ...
> and as i, and roland, and others have all said, the distinction is more
> notable in our experience than in your claim.

	Lots more work tracking down the source, especially if the initiator
	is using multiple reflectors for diversity. Instead of a single
	backtrack, it could be 5-10. Knock down one, 9 to go :(

> when calling NOC's looking for bumps in traffic graphs that might only match
> to one or two sigmas, a reflected attack is in practical terms untraceable.

	It is indeed a pain.

More information about the dns-operations mailing list