Full Disclosure mailing list archives
Re: Re: recursive DNS servers DDoS as a growing DDoSproblem
From: gboyce <gboyce () badbelly com>
Date: Wed, 8 Mar 2006 14:58:20 -0500 (EST)
On Wed, 8 Mar 2006, Security Lists wrote:
Sorry, I don't see this as amplification in your example, because YOUR dns servers are 100% of the traffic. 1:1 ratio.
Once the first request to the nameservers is made, the object should be cached by the nameservers. Instead of one packet to each server, consider a stream of packets to each server. The recipient will recieve a stream of 100K answers with likely only 200K of traffic back to the attackers DNS server.
Or better, find some random authoritative nameserver with a big DNS record, and then a very small portion of the attackers traffic is used and it is less likely to be tied back to the attacker since they don't own the record being requested.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: recursive DNS servers DDoS as a growing DDoS problem Ventsislav Genchev (Mar 08)
- RE: Re: recursive DNS servers DDoS as a growing DDoSproblem Geo. (Mar 08)
- Re: Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 08)
- Re: Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 08)
- Re: Re: recursive DNS servers DDoS as a growing DDoSproblem Mark Senior (Mar 08)
- Re: Re: recursive DNS servers DDoS as a growing DDoSproblem Måns Nilsson (Mar 13)
- Re: Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 08)
- RE: Re: recursive DNS servers DDoS as a growing DDoSproblem Geo. (Mar 08)