Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: recursive DNS servers DDoS as a growing DDoS problem
From: MaddHatter <maddhatt+bugtraq () cat pdx edu>
Date: Sat, 25 Mar 2006 01:40:32 -0800


We discussed recursive DNS servers before (servers which allow to query
anything - including what they are not authoritative for, through them).
...
One of the problems is obviously the spoofing. ...


Maybe I'm misunderstanding the problem here (but I don't think so). It
seems to be the issue is not DNS -- recursive or not, but rather a failure
to adhere to BCP 38.
        http://rfc.net/bcp38.html

One may get easier/larger amplification from a recursive DNS server,
but the same problem exists for a non-recursive server. DNS, then, isn't
really where the problem needs to be fixed.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]