Bugtraq mailing list archives
RE: recursive DNS servers DDoS as a growing DDoS problem
From: "Geo." <geoincidents () nls net>
Date: Tue, 4 Apr 2006 08:32:29 -0400
We have done just this (block inbound udp/53) to certain subnets due to a rash of CPEs that happily proxy DNS, including recursive queries, from their WAN side.
What devices? Is this a default or something customers are configuring?
Ingress/Egress filtering did not help because the traffic coming to the name server was not spoofed to appear like it was coming from our network, it really was.
Ingress/Egress filtering really needs to be addressed by router manufacturers so it's a default when the router is configured. If every DSL router did *gress filtering, most of the spoofing issues would go away overnight. It's the same sort of thing as Exchange finally installing with relay disabled or the patch for smurf ping replies. In the case where a router is located someplace that *gress filtering just isn't a viable option, the people configuring those routers should be smart enough to be able to figure out how to disable it, so enabled by default really should not be a change that is an issue for router manufacturers.
Geo.