Bugtraq mailing list archives
Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 20 Mar 2006 12:25:05 -0500
Hello,
Indeed, interesting. I was not aware of this feature. But let's get to the point.. why is "recursive" in this email subject? It doesn't need to have anything to do with recursive DNS.. you can exploit this on normal public authoritative nameservers as well.
You can certainly get amplification from servers that don't provide you recursion, but you can get more if they do. For instance, if the attacker wants to attack servers at example.com, he could send a query to recursive.example.org for a large record that exists under example.com. He would of course spoof the source address of this request as if it came from some IP owned by example.com. Thus the traffic looks like: Attacker(spoofed) --query for bigrecord.example.com--> recursive.example.org recursive.example.org --query for bigrecord.example.com--> ns.example.com ns.example.com --response for bigrecord.example.com--> recursive.example.org recursive.example.org --response for bigrecord.example.com--> spoofed Where 'spoofed' is some IP at example.com. So now example.com not only receives a large record, their DNS server has to dish it out first. This assumes they host some large record there. cheers, tim
Current thread:
- RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Geo. (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Mark Senior (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Robert Story (Mar 17)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Bram Matthys (Syzop) (Mar 20)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Tim (Mar 23)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem gboyce (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Security Lists (Mar 10)
- Re: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoSproblem Måns Nilsson (Mar 17)