nanog mailing list archives

Re: DNS Amplification attack?


From: Chris Adams <cmadams () hiwaay net>
Date: Tue, 20 Jan 2009 21:07:30 -0600

Once upon a time, Kameron Gasso <kgasso-lists () visp net> said:
> Fortunately, the spoofed queries are 60 bytes and my REFUSED responses
> are only 59, so it's a terribly inefficient way to DoS someone.
> However, I never said that the DDoS kiddies were smart - doesn't seem to
> be stopping them from trying. :(

Well, it still makes a DDoS, since they can (theoretically) have a bunch
of sources spoofing the IPs, and the packets to the targets have
legitimate source addresses (so they can't easily be blocked by the
target).

-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

