DNS dDos Attack!

Kevin Houle kjh at cert.org
Fri Mar 28 14:52:40 UTC 2003


--On Friday, March 28, 2003 09:28:48 AM -0500 Dan Armstrong 
<dan at beanfield.com> wrote:

> Sorry, I lied.  We are running 8.34Release
>
> What I cannot figure out is why *our* name server is sending out ICMP
> unreachables.  The incoming dns queries are coming from random
> destinations....

Are you sure the inbound attack packets are really valid queries, or are
they responses? I ask because in the classic DDoS-via-nameservers attack,
the victim will receive answers from a slew of other nameservers and send
out ICMP unreachables. See

  http://www.cert.org/incident_notes/IN-2000-04.html

Kevin
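
The query-versus-response distinction raised in the reply above can be read from the QR bit of the DNS header. The following Python sketch is an added example, not part of the original message; the packet tuples, the addresses (documentation ranges) and the `OUTSTANDING` set of queries the server itself sent are constructed for illustration.

```python
import struct
from collections import Counter

def dns_header(payload):
    """Parse the fixed 12-byte DNS header; return None if the payload is too short."""
    if len(payload) < 12:
        return None
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    # QR is the top bit of the flags word: 0 = query, 1 = response.
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF}

def classify(packets, outstanding):
    """Count inbound UDP DNS payloads by kind.

    packets:     iterable of (src_ip, dst_port, udp_payload)
    outstanding: set of (server_ip, local_port, txid) for queries we really sent
    """
    counts = Counter()
    for src, dport, payload in packets:
        hdr = dns_header(payload)
        if hdr is None:
            counts["malformed"] += 1
        elif hdr["qr"] == 0:
            counts["query"] += 1
        elif (src, dport, hdr["id"]) in outstanding:
            counts["solicited_response"] += 1
        else:
            # An answer to a question we never asked: the traffic that makes
            # a host emit ICMP port-unreachable messages.
            counts["unsolicited_response"] += 1
    return counts

def mk(txid, flags):
    """Build a constructed header-only DNS message (QDCOUNT=1)."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

# Constructed sample traffic (not captured data).
SAMPLE = [
    ("198.51.100.7", 53,    mk(0x1A2B, 0x0100)),  # genuine query (QR=0, RD=1)
    ("203.0.113.10", 40001, mk(0x0001, 0x8180)),  # response to our own query
    ("203.0.113.20", 40002, mk(0x0002, 0x8180)),  # response we never requested
    ("203.0.113.21", 40003, mk(0x0003, 0x8180)),  # response we never requested
    ("203.0.113.22", 53,    b"\x00\x01"),         # truncated payload
]
OUTSTANDING = {("203.0.113.10", 40001, 0x0001)}

if __name__ == "__main__":
    print(dict(classify(SAMPLE, OUTSTANDING)))
```

A count dominated by `unsolicited_response` rather than `query` matches the pattern described in the reply: answers arriving from many nameservers for questions the host never sent.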



