[110859] in North American Network Operators' Group


Re: DNS Amplification attack?

daemon@ATHENA.MIT.EDU (Kameron Gasso)
Tue Jan 20 21:36:10 2009

Date: Tue, 20 Jan 2009 18:35:51 -0800
From: Kameron Gasso <kgasso-lists@visp.net>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <75cb24520901201821s3ce653bbk20efaa4d86a4a8f@mail.gmail.com>
Cc: kgasso@visp.net, NANOG list <nanog@nanog.org>
Reply-To: kgasso@visp.net
Errors-To: nanog-bounces@nanog.org

Christopher Morrow wrote:
> a point to bear in mind here is that... 'it's working' is good enough
> for the bad folks :( no need to optimize when this works. Also, it's
> likely this isn't all of the problem the spoofed requestors are seeing
> these past few days :(

Unfortunately, I can't restrict traffic to/from my authoritative
nameservers like I can with my recursive ones, since it will break DNS
resolution for outside visitors to domains we host.

Fortunately, the spoofed queries are 60 bytes and my REFUSED responses
are only 59, so it's a terribly inefficient way to DoS someone.
However, I never said that the DDoS kiddies were smart - doesn't seem to
be stopping them from trying. :(

Thanks,
-- 
Kameron Gasso | Senior Systems Administrator | visp.net
Direct: 541-955-6903 | Fax: 541-471-0821

