nanog mailing list archives
DNS Amplification Attacks
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 17 Mar 2006 23:58:22 +0200
In this paper we address in detail how the recent DNS DDoS attacks work. How they abuse name servers, EDNS, the recursive feature and UDP packet spoofing, as well as how the amplification effect works.
Our study is based on packet captures (we provide samples) and logs from attacks on different networks reported to have a volume of 2.8Gbps. One of these networks indicated some attacks have reached as high as 10Gbps and used as many as 140,000 exploited name servers.
In the conclusions we also discuss some remediation suggestions.
Given recent events, we have been encouraged to make this text available at this time.
URL: http://www.isotf.org/news/DNS-Amplification-Attacks.pdf
Please note that this version of this paper is prior to submission for publication and that the final version may see significant revisions.
Thanks, Randy Vaughn and Gadi Evron.