DDos syn attack

Christopher L. Morrow chris at UU.NET
Mon Dec 30 19:42:07 UTC 2002


On Mon, 30 Dec 2002, Chris Wedgwood wrote:

>
> On Mon, Dec 30, 2002 at 08:09:17AM -0800, Randy Bush wrote:
>
> > actually, a bunch of research now shows that low ttls on A RRs (that
> > are not the A RRs of NS RRs) has little effect.
>
> maybe this could help find the attacking nwtwork?  assuming people are
> using local DNS servers?
>
> under attack you could sporadically 'lie' about the result... and log
> to whom you lied to... all the time looking for changes in the DDoS
> target
>
> a fair amount work perhaps...

wow, break bind in a new and horrid way to accomplish this task :) Nice...
perhaps mr. vixie will add this functionality for us?




More information about the NANOG mailing list