DNS cache poisoning attacks -- are they real?

Christopher L. Morrow christopher.morrow at mci.com
Sun Mar 27 18:25:48 UTC 2005


On Sun, 27 Mar 2005, Randy Bush wrote:

>
> i have yet to see cogent arguments, other than scaling issues,
> against running open recursive servers.
>

The common example to NOT run them is the DNS Smurf attack, forge dns
requests from your victim for some 'large' response: MX for mci.com works
probably for this and make that happen from a few hundred of your
friends/bots.  It seems that MX lookup will return 497 bytes, a query that
returns "see root please" is only 236 today.

Larger providers have the problem that you can't easily filter
'customers' from 'non-customers' in a sane and scalable fashion. While
they have to run the open resolvers for customer service reasons they
can't adequately protect them from abusers or attackers in all cases.

-Chris
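The abuse pattern Chris describes (spoofed queries for a large answer such as an MX record, relayed through an open recursive server) leaves a recognisable trace in the resolver's own query log: one non-customer source address repeating the same large-answer question many times. The following detector is an added example, not code from the original post or from any provider; it assumes a simplified, constructed log line format and a constructed list of "customer" prefixes.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed customer prefixes (stand-ins; real ones come from your IPAM).
CUSTOMER_PREFIXES = [ip_network("192.0.2.0/24"), ip_network("2001:db8::/32")]

# Query types whose answers are typically large: MX as in the post, plus ANY.
LARGE_ANSWER_TYPES = {"MX", "ANY"}

# Assumed, simplified log format: "client <ip>#<port>: query: <name> IN <type>"
LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)"
)


def is_customer(ip):
    """True if the source address falls inside a customer prefix."""
    addr = ip_address(ip)
    return any(addr in net for net in CUSTOMER_PREFIXES)


def find_abuse(lines, threshold=5):
    """Return {(client_ip, qname, qtype): count} for non-customer sources that
    repeated a large-answer query at least `threshold` times. A spoofed-source
    flood shows up as one external address (the intended victim) asking the
    same question over and over, since the attacker has no reason to vary it.
    """
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        ip, name, qtype = m.group("ip"), m.group("name"), m.group("qtype").upper()
        if qtype in LARGE_ANSWER_TYPES and not is_customer(ip):
            counts[(ip, name.lower(), qtype)] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


# Constructed sample: a customer doing normal lookups, and one external
# address (the spoofed victim) hammering the same MX query.
SAMPLE_LOG = (
    ["client 192.0.2.10#5353: query: mci.com IN MX"] * 3
    + ["client 203.0.113.7#1234: query: mci.com IN MX"] * 6
    + ["client 203.0.113.7#1234: query: example.net IN A"] * 2
)

if __name__ == "__main__":
    for (ip, name, qtype), n in find_abuse(SAMPLE_LOG).items():
        print(f"suspect {ip}: {n}x {qtype} {name}")
```

A hit means the resolver is answering large queries on behalf of addresses it has no business serving; the fix is to restrict recursion to customer prefixes rather than to chase individual sources.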


