| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0603081454420.20312@localhost.localdomain> Date: Wed, 8 Mar 2006 14:58:20 -0500 (EST) From: gboyce <gboyce@...belly.com> To: Security Lists <securitylists@...ontown.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Re: recursive DNS servers DDoS as a growing DDoSproblem On Wed, 8 Mar 2006, Security Lists wrote: > Sorry, I don't see this as amplification in your example, because YOUR dns > servers are 100% of the traffic. 1:1 ratio. Once the first request to the nameservers is made, the object should be cached by the nameservers. Instead of one packet to each server, consider a stream of packets to each server. The recipient will recieve a stream of 100K answers with likely only 200K of traffic back to the attackers DNS server. Or better, find some random authoritative nameserver with a big DNS record, and then a very small portion of the attackers traffic is used and it is less likely to be tied back to the attacker since they don't own the record being requested. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists