Bugtraq mailing list archives
Re: recursive DNS servers DDoS as a growing DDoS problem
From: v9 <v9 () fakehalo us>
Date: Wed, 1 Mar 2006 19:34:09 -0500 (EST)
Here are some dns servers I gathered/scanned during the time I researched this months ago(that appear to still be up): 68.1.199.151 68.1.196.116 68.1.195.161 68.1.193.177 Just remember when you test/capture packets that the domain being resolved must NOT exist(ie. "x"). On Thu, 2 Mar 2006, Gadi Evron wrote:
v9 () fakehalo us wrote:While you're on the subject of the potentials of DOSing using DNS servers, I noticed several months ago some possible abuses myself, although I soon lost interest for some reason or another. I noticed that a portion of the worlds DNS servers for some reason or another send back large amounts of duplicate replies if, and only if, the domain being resolved does not exist. The amount of duplicates seems to range between 2 and 24(in steps of 2, 4, 8, 12, 16, 20 and 24), where each reply packet is roughly 2.5x(including IP header) larger than the original request(because of the SOA). So, for example one request to a DNS server that sends 24 dups back would roughly equal 60x(24*2.5) amplification of data.This is very interesting. I don't have any idea why that is happeniong (yet). Can you share packet captures?
Current thread:
- Re: recursive DNS servers DDoS as a growing DDoS problem v9 (Mar 01)
- Message not available
- Re: recursive DNS servers DDoS as a growing DDoS problem v9 (Mar 02)
- Message not available
- <Possible follow-ups>
- Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Mar 02)
- Re: recursive DNS servers DDoS as a growing DDoS problem Ventsislav Genchev (Mar 10)
- Re: recursive DNS servers DDoS as a growing DDoS problem Robert Story (Mar 17)
- Re: recursive DNS servers DDoS as a growing DDoS problem Michael Sierchio (Mar 20)
- Re: recursive DNS servers DDoS as a growing DDoS problem Robert Story (Mar 17)
- Re: recursive DNS servers DDoS as a growing DDoS problem Chris Thompson (Mar 23)
- Re: recursive DNS servers DDoS as a growing DDoS problem Anton Ivanov (Mar 27)
- Re: recursive DNS servers DDoS as a growing DDoS problem MaddHatter (Mar 25)
- Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Mar 25)
- Re: recursive DNS servers DDoS as a growing DDoS problem Geo. (Mar 27)
- Re: recursive DNS servers DDoS as a growing DDoS problem mike davis (Mar 30)
- Re: recursive DNS servers DDoS as a growing DDoS problem Gadi Evron (Mar 25)