Tightened DNS security question re: DNS amplification attacks.

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): out-of-band access bandwidth
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ----- Original Message -----
> From: "aljuhani" <info at linuxmount.com>
> Subject: Re: Tightened DNS security  question re: DNS amplification
>         attacks.
> To: "nanog" <nanog at merit.edu>
>
> Well the RBLs, in using dns queries, is another form of legal DDoS attacks, mainly when the
> suddenly cease to respond or re-configure to black-list the entire wold.   One should just
> imagine the bandwidth consumption during a
> +given time-frame, RBLs consume as oppose to volume of spam messages.
>

If you folks are really serious about this, can I suggest using BGP for this ? Maybe a
multi-hop BGP-session like Team Cymru already has for bogons [0]. With different communities
for different types of traffic that should be dropped.

That way you, the network operator, could choose what you what to drop and how.

They are already a pretty trusted party if people actually use these bogon-sessions.

Might it actually be a structural solution ? Atleast if I didn't forget something important.

[0] http://www.team-cymru.org/Services/Bogons/routeserver.html

> ----- Original Message -----
> From: "Frank Bulk" <frnkblk at iname.com>
> To: "'Paul Vixie'" <vixie at isc.org>; <nanog at merit.edu>
> Sent: Wednesday, January 28, 2009 18:02
> Subject: RE: Tightened DNS security question re: DNS amplification attacks.
>
>
> | Pretty soon we need an RBL for DNS-oriented DDoS attacks. =)
> |

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): out-of-band access bandwidth
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]