nanog mailing list archives
Re: DNS Amplification attack?
From: jay () miscreant org
Date: Wed, 21 Jan 2009 14:25:49 +1100
Quoting Chris Adams <cmadams () hiwaay net>:
> Once upon a time, jay () miscreant org <jay () miscreant org> said:
> > I've also noticed that on a server running BIND 9.3.4-P1 with recursion
> > disabled, they still appear to be getting the list of root NS's from
> > cache, which is a 272-byte response to a 61-byte request, which by my
> > definition is an amplification.
>
> Add "additional-from-cache no;" to the options{} section of your named.conf.
>
> --
> Chris Adams <cmadams () hiwaay net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.

Thanks for the response Chris.

I'm running higher versions of BIND, so don't see this behaviour. But I will pass it on to the ISP in question ;)