[45470] in North American Network Operators' Group
Re: DNS DOS increasing?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Feb 1 20:44:00 2002
From: "Steven M. Bellovin" <smb@research.att.com>
To: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 01 Feb 2002 20:43:22 -0500
Message-Id: <20020202014322.32FFA7B4B@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <24810615.1012581411@[172.25.106.112]>, Mike Batchelor writes:
>
>Stop allowing the world to recurse through your authoritative servers.
>This invites abuse.
>
>Provide a separate set of servers for your customers to recurse through,
>which serve no authoritative data and which have access restricted to your
>own network and your customers'.
>
>--On Saturday, January 19, 2002 1:59 PM -0500 Matt Martini
><martini@invision.net> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> I've been seeing some strange problems in DNS lately (named 8.2.4-REL)
>> where the nameserver stops resolving certain sites. During investigation
>> I noticed that my query rate is way up. Many more DNS requests than
>> normal are hitting my servers. Is anyone else seeing anything like this?
You might be the intermediary in a DNS reflector attack (see
http://www.icir.org/vern/papers/reflectors.CCR.01/index.html for
details)
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
