[dns-operations] Slow Drip DDOS Attack Research

Dave Lawrence tale at dd.org
Wed Nov 7 04:53:59 UTC 2018

Personally I've never been a fan of the "Slow Drip" moniker as from
the point of view of overwhelming an authority it is not at all really
like water torture.  Computers don't give a whit about the sort of
thing that is supposed to induce madness in human beings, and would
quite happily just absorb a "slow drip".  It's clearly not slow for
the target.

I've always guessed that this Slow Drip is supposed to refer to the
very low additional load it causes on the wide deployment of
recursives, but have never really seen the etymology described well,
unfortunately including in this paper.

There's an assertion made that "It utilizes client IP spoofing to a
degree not seen in other attacks" which kind of surprises me.  Given
that other DDoS attacks quite commonly use spoofing, I'm wondering how
"a degree not seen in other attacks" was quantified.

More information about the dns-operations mailing list