nanog mailing list archives

Re: Tightened DNS security question re: DNS amplification attacks.


From: Chris Adams <cmadams () hiwaay net>
Date: Tue, 27 Jan 2009 22:19:40 -0600

Once upon a time, David Andersen <dga () cs cmu edu> said:
> Actually, ". IN NS" is a particularly useful thing for them to do,
> because it's an almost globally guaranteed response that will get a
> large response and be in cache.

That's only true on servers that aren't well-configured.

> "<tld>. IN NS", of course, but the set of things that work well for
> such an attack are relatively limited.

Try "aol.com. MX", "hotmail.com. MX", any domain with a big SPF TXT
record, etc.  There's nothing really special about ". NS".  If somebody
is serving cached data to the world (even if they aren't recursing for
the world), there are any number of things that are likely in the cache.

And, since most people have SMTP servers, it is often easy to "prime"
somebody's cache, since the SMTP servers often use the same DNS servers.

-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
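
The thread's point is that the amplifier is a misconfiguration: a resolver that hands cached answers to anyone. The following is an added example, not code from the thread or from BIND, that audits a BIND 9 `options { ... }` block for that condition. The three sample configurations are constructed, and the option-defaulting chain it applies (allow-query-cache, then allow-recursion, then allow-query, then the built-in localnets/localhost default) is an assumption taken from the BIND 9 Administrator Reference Manual.

```python
"""Audit a BIND 9 `options { ... }` block for cached answers or recursion being
served to arbitrary clients, the condition that makes a resolver usable as a
DNS amplification reflector.

Added example, not code from the NANOG thread.  The sample configurations are
constructed; the defaulting chain below is an assumption based on the BIND 9
Administrator Reference Manual."""
import re

# Assumed defaulting chain (BIND 9 ARM):
#   allow-query-cache -> allow-recursion -> (recursion no ? none : allow-query)
#                     -> localnets; localhost;
DEFAULT_ACL = ["localnets", "localhost"]
# ACL elements that admit every source address
OPEN_TOKENS = {"any", "0.0.0.0/0", "0/0", "::/0"}

OPTION_RE = re.compile(r"\b(allow-[a-z-]+|recursion)\s*(\{[^}]*\}|[^;{}]+)\s*;")


def strip_comments(text):
    """Drop //, # and /* */ comments so a commented-out line is not read as live."""
    return re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", text, flags=re.S)


def parse_options(text):
    """Return {option: [elements]} for 'recursion' and 'allow-*' settings.

    Handles the flat 'name { a; b; };' and 'name value;' shapes only; named
    ACLs and nested match-lists are out of scope for this example."""
    opts = {}
    for name, body in OPTION_RE.findall(strip_comments(text)):
        body = body.strip()
        if body.startswith("{"):
            elems = [e.strip() for e in body.strip("{}").split(";") if e.strip()]
        else:
            elems = [body]
        opts[name] = elems
    return opts


def _recursing(opts):
    return opts.get("recursion", ["yes"])[0].lower() != "no"


def effective_cache_acl(opts):
    """Who may read answers out of the cache once BIND's defaults are applied."""
    if "allow-query-cache" in opts:
        return opts["allow-query-cache"]
    if "allow-recursion" in opts:
        return opts["allow-recursion"]
    if not _recursing(opts):
        return ["none"]  # authoritative-only: nothing cached to hand out
    if "allow-query" in opts:
        return opts["allow-query"]
    return list(DEFAULT_ACL)


def effective_recursion_acl(opts):
    """Who may ask the server to recurse on their behalf."""
    if not _recursing(opts):
        return ["none"]
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return list(DEFAULT_ACL)


def is_open(acl):
    """True if the ACL admits every source address (negated entries ignored)."""
    return any(e.lower() in OPEN_TOKENS for e in acl if not e.startswith("!"))


def audit(conf_text):
    """Summarise one options block: effective cache ACL and whether it is open."""
    opts = parse_options(conf_text)
    cache_acl = effective_cache_acl(opts)
    return {
        "cache_acl": cache_acl,
        "cache_open": is_open(cache_acl),
        "recursion_open": is_open(effective_recursion_acl(opts)),
    }


# Constructed: the classic open cache, recursion on and allow-query any with
# nothing narrowing the cache, so anyone can pull ". NS" or a big MX/TXT reply.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };   // serves cached data to the world
};
"""

# Constructed: authoritative data stays public, cache and recursion are local-only.
HARDENED_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
    allow-recursion { localnets; localhost; };
    allow-query-cache { localnets; localhost; };
};
"""

# Constructed: authoritative-only server, no recursion and so no cache to serve.
AUTH_ONLY_CONF = """
options {
    recursion no;
    allow-query { any; };
};
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF),
                        ("auth-only", AUTH_ONLY_CONF)):
        print(label, audit(conf))
```

Run against a real named.conf, the useful output is `cache_acl`: if it resolves to `any` on a server that also recurses, that host will answer ". NS", "aol.com. MX" and similar queries from cache for anyone, regardless of whether recursion itself is restricted.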

