DNS dDos Attack!
Kevin Houle
kjh at cert.org
Fri Mar 28 14:52:40 UTC 2003
--On Friday, March 28, 2003 09:28:48 AM -0500 Dan Armstrong
<dan at beanfield.com> wrote:
> Sorry, I lied. We are running 8.34Release
>
> What I cannot figure out is why *our* name server is sending out ICMP
> unreachables. The incoming dns queries are coming from random
> destinations....
Are you sure the inbound attack packets are really valid queries, or are
they responses? I ask because in the classic DDoS-via-nameservers attack,
the victim will receive answers from a slew of other nameservers and send
out ICMP unreachables. See
http://www.cert.org/incident_notes/IN-2000-04.html
Kevin
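
The queries-or-responses question above is answered by the QR bit in the DNS header. The following is an added example, not part of the original message: it sorts captured UDP payloads into queries, responses that match a query this host sent, and unsolicited responses. The function names, the `outstanding` set and the sample packets (documentation address ranges) are constructed for illustration.

```python
import struct
from collections import Counter

def dns_header(payload: bytes):
    """Return (txid, is_response) from a DNS message, or None if it is shorter than a header."""
    if len(payload) < 12:
        return None
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # top bit of the flags word is QR: 0=query, 1=response

def classify(packets, outstanding):
    """packets: iterable of (src_ip, payload) seen inbound.
    outstanding: set of (server_ip, txid) for queries this host really sent."""
    counts = Counter()
    for src_ip, payload in packets:
        hdr = dns_header(payload)
        if hdr is None:
            counts["malformed"] += 1
        elif not hdr[1]:
            counts["query"] += 1
        elif (src_ip, hdr[0]) in outstanding:
            counts["solicited_response"] += 1
        else:
            # An answer nobody here asked for: the pattern seen by the victim
            # when its address was spoofed as the source of queries elsewhere.
            counts["unsolicited_response"] += 1
    return counts

def make_msg(txid, response):
    """Build a minimal DNS message for example.com/A (constructed test data)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return header + question

# Constructed sample capture; addresses are from the documentation ranges.
OUTSTANDING = {("203.0.113.5", 0x3333)}
SAMPLE = [
    ("198.51.100.10", make_msg(0x1111, True)),
    ("198.51.100.11", make_msg(0x2222, True)),
    ("203.0.113.5", make_msg(0x3333, True)),
    ("192.0.2.77", make_msg(0x4444, False)),
    ("198.51.100.12", b"\x00\x01"),
]

if __name__ == "__main__":
    for kind, n in sorted(classify(SAMPLE, OUTSTANDING).items()):
        print(f"{kind}: {n}")
```

A capture dominated by `unsolicited_response` from many different source addresses matches the pattern described in the incident note; one dominated by `query` does not.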