nanog mailing list archives
Re: DNS dDos Attack!
From: Kevin Houle <kjh () cert org>
Date: Fri, 28 Mar 2003 09:52:40 -0500
--On Friday, March 28, 2003 09:28:48 AM -0500 Dan Armstrong <dan () beanfield com> wrote:
Sorry, I lied. We are running 8.34Release What I cannot figure out is why *our* name server is sending out ICMP unreachables. The incoming dns queries are coming from random destinations....
Are you sure the inbound attack packets are really valid queries, or are they responses? I ask because in the classic DDoS-via-nameservers attack, the victim will receive answers from a slew of other nameservers and send out ICMP unreachables. See http://www.cert.org/incident_notes/IN-2000-04.html Kevin
Current thread:
- DNS dDos Attack! Dan Armstrong (Mar 28)
- Re: DNS dDos Attack! Stephen J. Wilcox (Mar 28)
- Message not available
- Re: DNS dDos Attack! Dan Armstrong (Mar 28)
- Re: DNS dDos Attack! Jared Mauch (Mar 28)
- Re: DNS dDos Attack! Kevin Houle (Mar 28)
- Re: DNS dDos Attack! Dan Armstrong (Mar 28)