|
Full Disclosure
mailing list archives
Re: Re: recursive DNS servers DDoS as a growing DDoSproblem
From: gboyce <gboyce () badbelly com>
Date: Wed, 8 Mar 2006 14:58:20 -0500 (EST)
On Wed, 8 Mar 2006, Security Lists wrote:
Sorry, I don't see this as amplification in your example, because YOUR dns
servers are 100% of the traffic. 1:1 ratio.
Once the first request to the nameservers is made, the object should be
cached by the nameservers. Instead of one packet to each server, consider
a stream of packets to each server. The recipient will recieve a stream
of 100K answers with likely only 200K of traffic back to the attackers DNS
server.
Or better, find some random authoritative nameserver with a big DNS
record, and then a very small portion of the attackers traffic is used and
it is less likely to be tied back to the attacker since they don't own the
record being requested.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
Intro
