[110861] in North American Network Operators' Group


Re: DNS Amplification attack?

daemon@ATHENA.MIT.EDU (Chris Adams)
Tue Jan 20 22:07:41 2009

Date: Tue, 20 Jan 2009 21:07:30 -0600
From: Chris Adams <cmadams@hiwaay.net>
To: NANOG list <nanog@nanog.org>
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>,
	NANOG list <nanog@nanog.org>
In-Reply-To: <49768A07.7060105@visp.net>
Errors-To: nanog-bounces@nanog.org

Once upon a time, Kameron Gasso <kgasso-lists@visp.net> said:
> Fortunately, the spoofed queries are 60 bytes and my REFUSED responses
> are only 59, so it's a terribly inefficient way to DoS someone.
> However, I never said that the DDoS kiddies were smart - doesn't seem to
> be stopping them from trying. :(

Well, it still makes a DDoS, since they can (theoretically) have a bunch
of sources spoofing the IPs, and the packets to the targets have
legitimate source addresses (so they can't easily be blocked by the
target).

-- 
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

