[54438] in North American Network Operators' Group


Re: DDos syn attack

daemon@ATHENA.MIT.EDU (Chris Wedgwood)
Mon Dec 30 13:53:40 2002

Date: Mon, 30 Dec 2002 10:53:10 -0800
From: Chris Wedgwood <cw@f00f.org>
To: Randy Bush <randy@psg.com>
Cc: "Christopher L. Morrow" <chris@uu.net>, nanog@merit.edu
In-Reply-To: <E18T2Td-000Aqz-00@roam.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Mon, Dec 30, 2002 at 08:09:17AM -0800, Randy Bush wrote:

> actually, a bunch of research now shows that low ttls on A RRs (that
> are not the A RRs of NS RRs) has little effect.

maybe this could help find the attacking network?  assuming people are
using local DNS servers?

under attack you could sporadically 'lie' about the result... and log
to whom you lied to... all the time looking for changes in the DDoS
target

a fair amount of work perhaps...


  --cw
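
Added example, not part of the original message: one way to do the correlation step the message describes, matching a log of decoy A records handed to individual resolvers against SYN rates later seen at those decoy addresses. The function name, log layout, window and threshold are assumptions, each decoy address is assumed to be given to exactly one resolver, and all sample data is constructed (RFC 5737 documentation addresses).

```python
from collections import defaultdict

# Constructed sample data, not real logs.
# Decoy answers handed out: (time sent, resolver that asked, decoy A record)
LIES = [
    (100, "198.51.100.53", "192.0.2.10"),
    (130, "203.0.113.53", "192.0.2.11"),
    (160, "198.51.100.99", "192.0.2.12"),
    (400, "203.0.113.53", "192.0.2.13"),
]
# SYN rate samples at the decoy addresses: (time, decoy address, SYNs/second)
SYN_SAMPLES = [
    (120, "192.0.2.10", 3),
    (150, "192.0.2.11", 9500),
    (170, "192.0.2.12", 1),
    (200, "192.0.2.11", 12000),
    (420, "192.0.2.13", 11000),
    (900, "192.0.2.10", 8000),  # too late to attribute to the answer sent at t=100
]


def suspect_resolvers(lies, samples, window=300, threshold=1000):
    """Return {resolver: (hits, tries)}.

    A 'hit' is a decoy answer followed by a SYN rate >= threshold at that
    decoy address within `window` seconds of the answer being sent.
    """
    by_decoy = defaultdict(list)
    for ts, decoy, rate in samples:
        by_decoy[decoy].append((ts, rate))

    hits, tries = defaultdict(int), defaultdict(int)
    for sent, resolver, decoy in lies:
        tries[resolver] += 1
        if any(sent <= ts <= sent + window and rate >= threshold
               for ts, rate in by_decoy[decoy]):
            hits[resolver] += 1
    return {r: (hits[r], tries[r]) for r in tries}


def consistent_suspects(lies, samples, min_tries=2, **kw):
    """Resolvers whose every decoy answer was followed by the flood moving."""
    scores = suspect_resolvers(lies, samples, **kw)
    return sorted(r for r, (h, t) in scores.items() if t >= min_tries and h == t)


if __name__ == "__main__":
    for resolver, (h, t) in suspect_resolvers(LIES, SYN_SAMPLES).items():
        print(f"{resolver}: flood followed {h} of {t} decoy answers")
```

Requiring more than one followed decoy per resolver keeps a single coincidental spike from naming a resolver.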
