DNS Amplification Attacks... and a trivial proposal
Tony Finch
dot at dotat.at
Fri Jun 14 09:39:08 UTC 2013
Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>
> P.P.S. Yes, yes, I _am_ aware... as someone will surely point out...
> that part (1) above contains the seed of potential abuse. A malicious
> prankster could, in theory send spoofed packets of type (1) above to
> lots and lots of DNS servers which he believes that his real victim, A,
> might be needing to send legitimate DNS/UDP queries to... and needing
> to get legitimate DNS/UDP queries back from... in the near/immediate future.
More amusingly, what if you send lots of these packets to an authoritative
name server spoofed "from" legitimate resolvers? The authoritative server
then has to shift a large proportion of its responses to TCP, which might
cause problems.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the bind-users
mailing list