Bugtraq mailing list archives
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
From: "Mark Senior" <senatorfrog () gmail com>
Date: Wed, 8 Mar 2006 15:55:21 -0700
Correct me if I'm wrong, but I was under the impression that DNS responses that go over the max size of a UDP datagram won't get split into multiple UDP datagrams. Rather, a response with only partial data will be sent back, and the client has to reconnect over TCP to get the full data. RFC 2671 even suggests that UDP DNS messages can't go over 512 bytes (although it may be old news now that that has been increased).

So, you can send a bunch of source-spoofed requests that are under 100 bytes, and get a bunch of 512-byte responses. With the UDP headers, that would increase the size a little, but not a huge amount. We're talking about a traffic amplification of about 10:1 or less. Respectable, but not enormous.

(Sorry to respond to you twice - I forgot to copy the lists the first time)

Regards
Mark
Once the first request to the nameservers is made, the object should be cached by the nameservers. Instead of one packet to each server, consider a stream of packets to each server. The recipient will receive a stream of 100K answers with likely only 200K of traffic back to the attacker's DNS server.
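Putting numbers on the estimate in Mark's reply, as an added example that is not part of the thread: the Python below builds a minimal query for a hypothetical example.com ANY lookup with and without an EDNS0 OPT record (RFC 2671), checks the TC bit on a constructed truncated 512-byte reply, and computes the on-wire response-to-query ratio including IPv4 and UDP headers. It is useful when sizing how much reflected traffic a resolver you operate could emit under the classic 512-byte limit versus an EDNS0 buffer of 4096.

```python
import struct

IP_HDR = 20        # IPv4 header without options, bytes
UDP_HDR = 8        # UDP header, bytes
CLASSIC_MAX = 512  # RFC 1035 UDP payload limit; EDNS0 lets clients advertise more


def build_query(name, qtype=255, edns_size=None):
    """Minimal DNS query (qtype 255 = ANY). With edns_size set, append an
    EDNS0 OPT pseudo-record advertising that UDP payload size."""
    arcount = 1 if edns_size else 0
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)  # RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = 0, RDLEN = 0
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0) if edns_size else b""
    return header + question + opt


def is_truncated(message):
    """TC bit (0x0200 in the flags word): the responder could not fit the
    answer in the UDP limit and the client is expected to retry over TCP."""
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & 0x0200)


def amplification(query_len, response_len):
    """Bytes delivered to the spoofed source per byte sent, headers included."""
    return (IP_HDR + UDP_HDR + response_len) / (IP_HDR + UDP_HDR + query_len)


# Constructed sample: a 512-byte reply with QR, TC and RD set and no real records.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + b"\x00" * 500

if __name__ == "__main__":
    plain = build_query("example.com")                    # 29 bytes
    edns = build_query("example.com", edns_size=4096)     # 40 bytes
    print("classic 512-byte reply: %.1f:1" % amplification(len(plain), CLASSIC_MAX))
    print("EDNS0 4096-byte reply:  %.1f:1" % amplification(len(edns), 4096))
    print("sample reply truncated:", is_truncated(TRUNCATED_RESPONSE))
```

The classic case lands just under 10:1, matching the estimate above; an EDNS0 buffer of 4096 pushes the same query past 60:1, which is why the "old news" caveat matters.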