nanog mailing list archives

Re: DNS cache poisoning attacks -- are they real?


From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sun, 27 Mar 2005 18:25:48 +0000 (GMT)


On Sun, 27 Mar 2005, Randy Bush wrote:

> i have yet to see cogent arguments, other than scaling issues,
> against running open recursive servers.


The common example to NOT run them is the DNS Smurf attack, forge dns
requests from your victim for some 'large' response: MX for mci.com works
probably for this and make that happen from a few hundred of your
friends/bots.  It seems that MX lookup will return 497 bytes, a query that
returns "see root please" is only 236 today.

Larger providers have the problem that you can't easily filter
'customers' from 'non-customers' in a sane and scalable fashion. While
they have to run the open resolvers for customer service reasons they
can't adequately protect them from abusers or attackers in all cases.

-Chris
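Detection logic in the spirit of the reflection concern above, as an added example that is not part of the thread: it parses BIND-style querylog lines, separates sources inside the operator's own customer prefixes from outside sources, and flags outside addresses that repeat the same lookup for a large-answer type. The log format, customer prefixes, names and threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed: the resolver's legitimate (customer) client range.
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Approximation of a BIND querylog line (constructed format), e.g.
# "client 198.51.100.7#1234 (example.com): query: example.com IN MX +"
LOG_RE = re.compile(r"client (?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: "
                    r"(?P<qname>\S+) IN (?P<qtype>\S+)")

def is_customer(addr: str) -> bool:
    """True if the source address lies inside a customer prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CUSTOMER_PREFIXES)

def parse(line: str):
    """Return (src, qname, qtype) or None for an unparseable line."""
    m = LOG_RE.search(line)
    return None if m is None else (m["src"], m["qname"], m["qtype"].upper())

def suspicious_sources(lines, threshold=3):
    """Map each non-customer source to the number of lookups it repeated
    for one (qname, qtype), counting only pairs that reach the threshold.
    Repeated identical large-answer lookups from an outside address are
    the trace a spoofed-source reflection run leaves in the resolver log."""
    counts = Counter()
    for line in lines:
        parsed = parse(line)
        if parsed and not is_customer(parsed[0]):
            counts[parsed] += 1
    flagged = Counter()
    for (src, _qname, _qtype), n in counts.items():
        if n >= threshold:
            flagged[src] += n
    return dict(flagged)

# Constructed sample: a customer doing a normal lookup, an outside address
# repeating one MX query, and a single stray outside query below threshold.
SAMPLE_LOG = [
    "client 192.0.2.10#5353 (example.net): query: example.net IN A +",
    "client 198.51.100.7#1234 (example.com): query: example.com IN MX +",
    "client 198.51.100.7#1235 (example.com): query: example.com IN MX +",
    "client 198.51.100.7#1236 (example.com): query: example.com IN MX +",
    "client 203.0.113.9#4444 (example.org): query: example.org IN MX +",
]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))  # {'198.51.100.7': 3}
```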

