Network Security: Detailed info on Re: recursive DNS servers DDoS as a growing DDoS problem

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: recursive DNS servers DDoS as a growing DDoS problem

from [Gadi Evron] Network Security

[Permanent Link]

Subject:	Re: recursive DNS servers DDoS as a growing DDoS problem
Date:	Sat, 25 Mar 2006 18:06:58 +0200

MaddHatter wrote:

We discussed recursive DNS servers before (servers which allow to query
anything - including what they are not authoritative for, through them).
...
One of the problems is obviously the spoofing. ...

Maybe I'm misunderstanding the problem here (but I don't think so). It
seems to be the issue is not DNS -- recursive or not, but rather a failure
to adhere to BCP 38.
        http://rfc.net/bcp38.html

One may get easier/larger amplification from a recursive DNS server,
but the same problem exists for a non-recursive server. DNS, then, isn't
really where the problem needs to be fixed.


You are right, to a degree.

Spoofing is indeed the attack vector and it can also be utilized for NTP, ICMP, etc. It is to blame.

Still, DNS is what's being exploited and in my opinion a broken feature being exploited needs fixing, or it will be exploited.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: recursive DNS servers DDoS as a growing DDoS problem, v9 Message not available Re: recursive DNS servers DDoS as a growing DDoS problem, v9 Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron Re: recursive DNS servers DDoS as a growing DDoS problem, Ventsislav Genchev Re: recursive DNS servers DDoS as a growing DDoS problem, Robert Story Re: recursive DNS servers DDoS as a growing DDoS problem, Michael Sierchio Re: recursive DNS servers DDoS as a growing DDoS problem, Chris Thompson Re: recursive DNS servers DDoS as a growing DDoS problem, Anton Ivanov Re: recursive DNS servers DDoS as a growing DDoS problem, MaddHatter Re: recursive DNS servers DDoS as a growing DDoS problem, Gadi Evron <= Re: recursive DNS servers DDoS as a growing DDoS problem, Geo. Re: recursive DNS servers DDoS as a growing DDoS problem, mike davis Re: recursive DNS servers DDoS as a growing DDoS problem, Geo. Re: recursive DNS servers DDoS as a growing DDoS problem, gboyce Re: recursive DNS servers DDoS as a growing DDoS problem, Stephen Samuel RE: recursive DNS servers DDoS as a growing DDoS problem, Geo.

Previous by Date:	Re: recursive DNS servers DDoS as a growing DDoS problem, MaddHatter
Next by Date:	UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection, dabdoub_mosikar
Previous by Thread:	Re: recursive DNS servers DDoS as a growing DDoS problem, MaddHatter
Next by Thread:	Re: recursive DNS servers DDoS as a growing DDoS problem, Geo.
Indexes:	[Date] [Thread] [Top] [All Lists]