[161724] in North American Network Operators' Group
Re: ORP
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Tue Mar 26 08:18:52 2013
Date: Tue, 26 Mar 2013 12:12:46 +0000
From: bmanning@vacation.karoshi.com
To: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <742FD6F7-6986-4916-9C9A-8012281F93D0@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Mar 26, 2013 at 08:07:22AM -0400, Patrick W. Gilmore wrote:
> On Mar 26, 2013, at 08:01 , "Dobbins, Roland" <rdobbins@arbor.net> wrote:
> > On Mar 26, 2013, at 6:50 PM, Jamie Bowden wrote:
> >
> >> let's suppose I just happen to have, or have access to, a botnet comprised of (tens of) millions of random hosts all over the internet, and I feel like destroying your DNS servers via DDoS;
> >
> > DNS reflection/amplification attacks aren't intended as attacks against the DNS, per se; they're intended to crush any/all targeted servers and/or fill transit pipes.
>
> To be more clear, the point of DNS reflection attacks is to amplify the amount of bandwidth the botnet can muster (and perhaps hide the true source).
>
> If you have 10s of millions of bots, you don't need to amplify. You can crush any single IP address on the 'Net.
>
>
> TTFN,
> patrick
"You are the Brut Squad!"
