Bugtraq mailing list archives
Re: recursive DNS servers DDoS as a growing DDoS problem
From: Jim Pingle <jim () hpcisp com>
Date: Mon, 03 Apr 2006 19:12:31 -0400
Geo. wrote:
> What is stopping you from running your own local DNS server? What is stopping you from running your own SMTP server? A port 25 block? Well, if an ISP doesn't want to play whack-a-mole with unsecured DNS servers popping up every day, do you not think it likely that they will resort to the same techniques they used for SMTP? Granted, a port 53 inbound block would make more sense for the current example, but just like bots started running their own SMTP engines, I see the DNS flood model changing to fit the new landscape.
We have done just this (block inbound udp/53) to certain subnets due to a rash of CPEs that happily proxy DNS, including recursive queries, from their WAN side. They DoS their own circuits more effectively than the intended DoS targets.

Ingress/egress filtering did not help because the traffic coming to the name server was not spoofed to appear like it was coming from our network; it really was. The attack reflected off of the routers and, because they were local to our name servers, they got replies to the recursive queries despite our rejecting them from outside our network. And of course once it was cached, it was open for public queries.

Broken/misconfigured/buggy routers appear to look just like open DNS servers, and are likely to be much higher in numbers.

Jim
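The devices Jim describes look, from the outside, exactly like open recursive resolvers: send a query with RD set to the CPE's WAN address and you get a full answer back. The script below is an added example written for this archive page (it is not code from the thread or from any ISP tooling) that builds such a probe, parses the reply and classifies it, so an operator can sweep their own address space for CPEs that proxy recursion. The probe name example.com is an assumption (any name the target is not authoritative for works), and the two sample replies are constructed by hand, not captured from a real device.

```python
"""Probe a WAN address for DNS recursion (added example, not from the thread).

A CPE that proxies DNS from its WAN side answers a recursive query with
RA=1, RCODE=NOERROR and an answer section, the same signature as an open
recursive server. A device that does not proxy either stays silent or
replies with RA clear / RCODE=REFUSED.
"""
import random
import socket
import struct

# Assumption: a public name the probed device is not authoritative for.
PROBE_NAME = "example.com"

FLAG_QR = 0x8000   # response
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available


def build_query(name: str, txid: int, recursion_desired: bool = True) -> bytes:
    """Encode a minimal DNS A/IN query in RFC 1035 wire format."""
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # two-byte compression pointer
            return offset + 2
        offset += 1 + length


def classify_response(data: bytes, expected_txid: int) -> str:
    """Classify a reply: 'open-recursive', 'refused', 'mismatch' or 'malformed'."""
    if len(data) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        return "mismatch"                # not an answer to our query
    if not flags & FLAG_QR:
        return "malformed"               # a query, not a response
    rcode = flags & 0x000F
    if flags & FLAG_RA and rcode == 0 and ancount > 0:
        return "open-recursive"          # it resolved a name it does not own
    return "refused"


def answer_addresses(data: bytes) -> list:
    """Extract IPv4 addresses from the A records in the answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4        # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return addrs


def probe(target: str, port: int = 53, timeout: float = 2.0) -> tuple:
    """Send one recursive query to target:port/udp; return (verdict, addresses)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(PROBE_NAME, txid), (target, port))
        try:
            data, _peer = sock.recvfrom(4096)
        except socket.timeout:
            return ("no-reply", [])
    verdict = classify_response(data, txid)
    return (verdict, answer_addresses(data) if verdict == "open-recursive" else [])


# Constructed sample replies (not captured from any real device), txid 0x1234.
# Open proxy: QR|RD|RA, NOERROR, one A record (name compressed to offset 12).
SAMPLE_OPEN_REPLY = (
    struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)
# Well-behaved device: QR|RD, RA clear, RCODE=5 (REFUSED), no answers.
SAMPLE_REFUSED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | 5, 1, 0, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN_REPLY, 0x1234), answer_addresses(SAMPLE_OPEN_REPLY))
    print(classify_response(SAMPLE_REFUSED_REPLY, 0x1234))
```

Run probe() only against addresses you are responsible for, from a host outside the subnet being checked: the point of Jim's observation is that the same CPE looks harmless when queried from inside the ISP's network, because the upstream resolver legitimately accepts it there.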
Current thread:
- Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Apr 01)
- <Possible follow-ups>
- RE: recursive DNS servers DDoS as a growing DDoS problem gboyce (Apr 01)
- RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
- Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 04)
- RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Jim Pingle (Apr 09)
- Re: recursive DNS servers DDoS as a growing DDoS problem Erwan David (Apr 09)
- RE: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
- Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 03)
- Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Apr 03)
- Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Tim (Apr 04)
- Re: recursive DNS servers DDoS as a growing DDoS problem Ross Wheeler (Apr 09)