DNS DOS increasing?
Steven M. Bellovin
smb at research.att.com
Sat Feb 2 01:43:22 UTC 2002
In message <24810615.1012581411@[172.25.106.112]>, Mike Batchelor writes:
>
>Stop allowing the world to recurse through your authoritative servers.
>This invites abuse.
>
>Provide a separate set of servers for your customers to recurse through,
>which serve no authoritative data and which have access restricted to your
>own network and your customers'.
>
>--On Saturday, January 19, 2002 1:59 PM -0500 Matt Martini
><martini at invision.net> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> I've been seeing some strange problems in DNS lately (named 8.2.4-REL)
>> where the nameserver stops resolving certain sites. During investigation
>> I noticed that my query rate is way up. Many more DNS requests than
>> normal are hitting my servers. Is anyone else seeing anything like this?
You might be the intermediary in a DNS reflector attack (see
http://www.icir.org/vern/papers/reflectors.CCR.01/index.html for
details).
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
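
The split described in the quoted advice above, sketched as BIND named.conf fragments for the two server roles. This is an added example, not part of the original message or any poster's configuration. The zone name, file names, directory, and address ranges are placeholder assumptions.

```conf
// ---- named.conf on the authoritative-only servers ----
// Answers from its own zones for anyone, but never recurses for anyone.
options {
    directory "/var/named";        // assumed path
    recursion no;                  // do not resolve on behalf of clients
};

zone "example.com" {               // placeholder zone
    type master;
    file "example.com.db";         // placeholder zone file
};

// ---- named.conf on the separate recursive (caching) servers ----
// Serves no authoritative data; only the listed networks may use it.
acl "customers" {
    192.0.2.0/24;                  // placeholder: your own network
    198.51.100.0/24;               // placeholder: a customer network
    127.0.0.1;                     // the server itself
};

options {
    directory "/var/named";        // assumed path
    recursion yes;
    allow-recursion { "customers"; };   // recursion only for listed networks
    allow-query { "customers"; };       // no answers at all for anyone else
};

zone "." {                         // root hints needed for recursion
    type hint;
    file "named.root";             // placeholder hints file
};
```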