DNS Amplification Attacks

Joseph S D Yao jsdy at center.osis.gov
Fri Mar 24 20:45:53 UTC 2006

On Thu, Mar 23, 2006 at 09:35:34AM +0000, Michael.Dillon at btradianz.com wrote:
> > > DNS looking glasses, in much the same way that we use web-form based
> > > BGP or traceroute looking glasses today.
> > 
> > Open resolvers are far better then looking glasses to assess the state
> > of DNS, and we are campaigning against them.  You can't have it both
> > ways. 8-(
> What is the definition of "DNS Looking Glass"?
> If it is a PERL CGI script then I would agree with you.
> If it is a DNS proxy that applies rate limiting
> and damping then I disagree with you. 

I believe he's talking about things like the Looking Glass Web sites.
The one I wrote was a simple hardened shell script that called local
resources to do its thing.

Joe Yao
   This message is not an official statement of OSIS Center policies.

More information about the NANOG mailing list