lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060325094032.GS24049@cat.pdx.edu>
Date: Sat, 25 Mar 2006 01:40:32 -0800
From: MaddHatter <maddhatt+bugtraq@....pdx.edu>
To: Gadi Evron <ge@...uxbox.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: recursive DNS servers DDoS as a growing DDoS problem



> We discussed recursive DNS servers before (servers which allow to query
> anything - including what they are not authoritative for, through them).
> ...
> One of the problems is obviously the spoofing. ...

Maybe I'm misunderstanding the problem here (but I don't think so). It
seems to be the issue is not DNS -- recursive or not, but rather a failure
to adhere to BCP 38.
	http://rfc.net/bcp38.html

One may get easier/larger amplification from a recursive DNS server,
but the same problem exists for a non-recursive server. DNS, then, isn't
really where the problem needs to be fixed.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ