|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: "Patrick W. Gilmore" <patrick@ianai.net> In-Reply-To: <572FDFDB-A053-4451-AA50-79D5F8F8109D@arbor.net> Date: Tue, 26 Mar 2013 08:07:22 -0400 To: NANOG list <nanog@nanog.org> Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org On Mar 26, 2013, at 08:01 , "Dobbins, Roland" <rdobbins@arbor.net> = wrote: > On Mar 26, 2013, at 6:50 PM, Jamie Bowden wrote: >=20 >> let's suppose I just happen to have, or have access to, a botnet = comprised of (tens of) millions of random hosts all over the internet, = and I feel like destroying your DNS servers via DDoS; >=20 > DNS reflection/amplification attacks aren't intended as attacks = against the DNS, per se; they're intended to crush any/all targeted = servers and/or fill transit pipes. To be more clear, the point of DNS reflection attacks is to amplify the = amount of bandwidth the botnet can muster (and perhaps hide the true = source). If you have 10s of millions of bots, you don't need to amplify. You can = crush any single IP address on the 'Net. > Same for SNMP and ntp reflection attacks. And far too many other things. :( --=20 TTFN, patrick
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |