nanog mailing list archives
Re: Mitigating DNS amplification attacks
From: Alain Hebert <ahebert () pubnix net>
Date: Wed, 01 May 2013 09:36:41 -0400
Well, I was going more for a public list of ISPs that refuse to BCP38 their networks.

But that's just me =D

On point: (If your corporation is massive enough)

Basically:
    . Mirror DST Port 53;
    . Write some software to stats who's spamming the same DST IP with the same query;
    . Dynamic ACL them; then
    . Give a talk to your customers =D

-----
Alain Hebert                                ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 05/01/13 06:42, Jeff Wheeler wrote:
> On Tue, Apr 30, 2013 at 8:35 PM, Jared Mauch <jared () puck nether net> wrote:
>> Please provide advice and insights as well as directing customers to the openresolverproject.org website. We want to close these down, if you need an accurate list of IPs in your ASN, please email me and I can give you very accurate data.
>
> I think that a public list of open-resolvers is probably overdue, and the only way to get them fixed. It is trivial to scan the entire IPv4 address space for DNS servers that do no throttling even without the resources of a malicious botnet.
>
> Smurf was only "fixed" because, as there were fewer networks not running `no ip directed-broadcast,` the remaining amplification sources were flooded with huge amounts of malicious traffic. The public list of smurf amplifiers turned out to be the only way to really deal with it. I predict the same will be true with DNS.