[78972] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sun Mar 27 13:26:21 2005
Date: Sun, 27 Mar 2005 18:25:48 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <16966.60114.821079.897459@roam.psg.com>
To: Randy Bush <randy@psg.com>
Cc: Joe Maimon <jmaimon@ttec.com>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Sun, 27 Mar 2005, Randy Bush wrote:
>
> i have yet to see cogent arguments, other than scaling issues,
> against running open recursive servers.
>
The common example to NOT run them is the DNS Smurf attack, forge dns
requests from your victim for some 'large' response: MX for mci.com works
probably for this and make that happen from a few hundred of your
friends/bots. It seems that MX lookup will return 497 bytes, a query that
returns "see root please" is only 236 today.
Larger providers have the problem that you can't easily filter
'customers' from 'non-customers' in a sane and scalable fashion. While
they have to run the open resolvers for customer service reasons they
can't adequately protect them from abusers or attackers in all cases.
-Chris
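As an added example, not part of Chris Morrow's post or of any NANOG-distributed code: the two points above (spoofed queries for a large record reflected off an open resolver, and the difficulty of telling customer from non-customer sources) can be checked from a resolver operator's side with a small log review. The log format, the sample lines and the customer prefix (10.0.0.0/8) are all constructed for this example; only the 497-byte MX answer size comes from the post.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample resolver query log (not from the original post).
# Assumed format: "<epoch> <client_ip> <qname> <qtype> <response_bytes>"
SAMPLE_LOG = """\
1111963500 192.0.2.10 mci.com MX 497
1111963500 192.0.2.10 mci.com MX 497
1111963501 192.0.2.10 mci.com MX 497
1111963501 192.0.2.10 mci.com MX 497
1111963502 192.0.2.10 mci.com MX 497
1111963502 192.0.2.10 mci.com MX 497
1111963503 198.51.100.7 www.example.net A 76
1111963504 10.1.2.3 mci.com MX 497
1111963505 10.1.2.4 example.org A 60
"""

# Assumed customer address space (placeholder for the provider's own prefixes).
CUSTOMER_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]


def parse_log(text):
    """Parse the constructed log format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype, size = line.split()
        records.append({
            "ts": int(ts),
            "client": ipaddress.ip_address(client),
            "qname": qname.lower(),
            "qtype": qtype.upper(),
            "size": int(size),
        })
    return records


def is_customer(addr, prefixes=CUSTOMER_PREFIXES):
    """True if the source address falls inside a customer prefix."""
    return any(addr in net for net in prefixes)


def non_customer_queries(records, prefixes=CUSTOMER_PREFIXES):
    """Count queries the resolver answered for sources outside customer space.
    A non-zero count here is the 'open recursive' exposure the thread discusses."""
    return sum(1 for r in records if not is_customer(r["client"], prefixes))


def find_reflection_suspects(records, prefixes=CUSTOMER_PREFIXES,
                             min_queries=5, min_response_bytes=400):
    """Return {client_ip: {qname, qtype, count, reflected_bytes}} for sources that
    are outside customer space and repeatedly ask for the same large-answer record.
    In a reflection flood the source address is the victim's, so the 'client'
    identifies who is receiving the amplified traffic, not who sent the queries."""
    per_client = defaultdict(Counter)
    sizes = {}
    for r in records:
        if is_customer(r["client"], prefixes) or r["size"] < min_response_bytes:
            continue
        key = (r["qname"], r["qtype"])
        per_client[r["client"]][key] += 1
        sizes[(r["client"], key)] = r["size"]
    suspects = {}
    for client, counter in per_client.items():
        (qname, qtype), n = counter.most_common(1)[0]
        if n >= min_queries:
            suspects[str(client)] = {
                "qname": qname,
                "qtype": qtype,
                "count": n,
                # Approximate volume sent toward the (spoofed) source address.
                "reflected_bytes": n * sizes[(client, (qname, qtype))],
            }
    return suspects


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("queries answered for non-customers:", non_customer_queries(recs))
    print("reflection suspects:", find_reflection_suspects(recs))
```

The thresholds (five repeats, 400-byte answers) are illustrative; in practice they would be tuned per resolver, and the customer prefix list is exactly the thing the post says is hard to maintain at a large provider, which is why the non-customer count is reported separately from the suspect list.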