Basic Question re Security issue

Ronald F. Guilmette rfg at tristatelogic.com
Sun Jul 27 02:00:46 UTC 2008


In message <606F1AD6-F86A-436B-972E-1F204C64464C at menandmice.com>, 
Chris Buxton <cbuxton at menandmice.com> wrote:

>Yes. There is an attack based on DNS queries with forged source  
>addresses.
>
>{basic description of DNS amplification attack scenario snipped}

Although "open" recursive servers are certainly the easiest way to
obtain the kinds of amplification needed to make an attack of this
type truly menacing, I have long wondered if that's really the only
way to obtain serious amplification for such an attack.

Wouldn't it perhaps be more accurate to say that _any_ DNS server
that is willing and able to serve up _any_ responses (even ones for
zones for which it is authoritative) which are significantly larger
than the relevant queries could be exploited as amplifiers, and thus
be used as part of such an attack?
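The size ratio the question turns on can be measured directly. The following is an added example, not part of Ronald Guilmette's post and not BIND code: a minimal DNS wire-format encoder that builds a query, answers it the way an authoritative server would, and reports the amplification factor (response bytes per query byte). The zone "example.test." and all of its records are constructed for illustration, the long TXT record stands in for a large key record, the truncation behaviour is a simplified model (answers dropped and TC set when the reply exceeds the client's advertised UDP size, no OPT RR echoed), and nothing here touches the network.

```python
# Added example (not from the original bind-users post, and not BIND code):
# a minimal DNS wire-format encoder used to measure the amplification factor
# of a query/response pair.  The zone "example.test." and every record in it
# are constructed for illustration; nothing here touches the network.
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "TXT": 16, "OPT": 41, "ANY": 255}
HEADER = "!HHHHHH"   # id, flags, qdcount, ancount, nscount, arcount
FLAGS_AUTH = 0x8580  # QR | AA | RD | RA
FLAG_TC = 0x0200

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def txt_rdata(text):
    """TXT RDATA: one or more <length><chars> strings of at most 255 bytes."""
    data = text.encode("ascii")
    return b"".join(bytes([len(data[i:i + 255])]) + data[i:i + 255]
                    for i in range(0, len(data), 255))

def encode_rr(name, rtype, rdata, ttl=3600):
    """Encode one resource record in class IN."""
    return encode_name(name) + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(rdata)) + rdata

def build_query(qname, qtype, txid=0x1234, edns_bufsize=0):
    """Build a UDP query; a non-zero edns_bufsize adds an OPT RR advertising it."""
    header = struct.pack(HEADER, txid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    pkt = header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)
    if edns_bufsize:
        # OPT RR: root name, type 41; the CLASS field carries the UDP payload size.
        pkt += b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], edns_bufsize, 0, 0)
    return pkt

def _question_end(pkt):
    """Offset just past the (single) question section."""
    i = 12
    while pkt[i] != 0:
        i += pkt[i] + 1
    return i + 5  # terminator + QTYPE + QCLASS

def advertised_udp_size(query):
    """UDP payload size the client advertised via EDNS0, or the classic 512."""
    arcount, = struct.unpack("!H", query[10:12])
    end = _question_end(query)
    if arcount == 0 or len(query) < end + 11:
        return 512
    rtype, size = struct.unpack("!HH", query[end + 1:end + 5])
    return size if rtype == QTYPE["OPT"] else 512

def build_response(query, rrs):
    """Answer `query` authoritatively with `rrs` (list of (name, type, rdata)).
    If the reply exceeds the client's advertised UDP size, drop the answers and
    set TC (simplified model of a server forcing the client to retry over TCP).
    The OPT RR is not echoed; a real reply would carry 11 more bytes."""
    txid, = struct.unpack("!H", query[:2])
    question = query[12:_question_end(query)]
    answers = b"".join(encode_rr(*rr) for rr in rrs)
    pkt = struct.pack(HEADER, txid, FLAGS_AUTH, 1, len(rrs), 0, 0) + question + answers
    if len(pkt) > advertised_udp_size(query):
        pkt = struct.pack(HEADER, txid, FLAGS_AUTH | FLAG_TC, 1, 0, 0, 0) + question
    return pkt

def amplification_factor(query, response):
    """Bytes delivered to the spoofed source per byte the sender had to emit."""
    return round(len(response) / len(query), 2)

# Constructed zone contents; the long TXT stands in for a large key record.
ZONE = "example.test."
RECORDS = [
    (ZONE, "NS", encode_name("ns1." + ZONE)),
    (ZONE, "NS", encode_name("ns2." + ZONE)),
    (ZONE, "MX", struct.pack("!H", 10) + encode_name("mail." + ZONE)),
    (ZONE, "A", bytes([192, 0, 2, 10])),
    (ZONE, "TXT", txt_rdata("v=spf1 ip4:192.0.2.0/24 include:_spf.example.test -all")),
    (ZONE, "TXT", txt_rdata("k=rsa; p=" + "A" * 400)),
]

def demo():
    """Amplification factor for three query styles against the same zone."""
    q_a = build_query(ZONE, "A")
    q_any = build_query(ZONE, "ANY")
    q_any_edns = build_query(ZONE, "ANY", edns_bufsize=4096)
    return {
        "A, no EDNS": amplification_factor(q_a, build_response(q_a, RECORDS[3:4])),
        "ANY, no EDNS": amplification_factor(q_any, build_response(q_any, RECORDS)),
        "ANY, EDNS 4096": amplification_factor(q_any_edns, build_response(q_any_edns, RECORDS)),
    }

if __name__ == "__main__":
    for label, factor in demo().items():
        print(f"{label:16s} -> {factor}x")
```

Run it with python3 and the three factors make the point: a plain A query against an authoritative-only server gets back roughly twice what was sent; an ANY query without EDNS0 is truncated at 512 bytes, so the 30-byte query gets a 30-byte TC reply and no amplification at all; the same ANY query with an EDNS0 buffer of 4096 pulls the whole 701-byte answer for 41 bytes sent, about 17x. The server never recursed for anyone, so the factor depends only on the response size the zone can produce and the UDP size the (spoofed) client is allowed to advertise.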


