Re: DNS Server DoS Attacks



] well, like i said, we could secure the edge.

Agreed.  In one study I conducted of an oft' attacked web site, 66.85%
of all naughty packets received were obvious bogons.  Not just spoofed
legitimate addresses, but outright bogons.  Honestly if I never receive
another packet from 127.1.2.3 I'll be a happy man.  :)  Think of the
amount of garbage we could avoid with some reasonably simple filtering.

The results of the study (along with a few others) can be seen in a
presentation I gave to Surfnet entitled "60 Days of Basic Naughtiness."
You will find a zip'd copy, in PowerPoint format, here:

http://www.cymru.com/Presentations/60Days.zip

The analyzed attacks are tame in comparison to what is seen today.  The
simple things work, often to a great degree.  Raising the bar won't
solve the world's problems, but it will make things a little better.

-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
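
Added example, not part of the message above or of the cited study: a minimal sketch of the kind of simple source-address filtering the message refers to, classifying packet source addresses against the static IPv4 special-use ranges. The function names and the sample addresses are constructed for illustration; unallocated address space, which full bogon lists also cover, is left out as an assumption because it changes over time.

```python
import ipaddress
from collections import Counter

# Static IPv4 special-use ranges (the RFC 6890 family). Assumption: this is
# only the fixed "martian" subset of a bogon list, not unallocated space.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def bogon_prefix(src):
    """Return the special-use prefix containing src, or None if none matches.
    Unparseable values return 'invalid' so they are counted, not ignored."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return "invalid"
    for net in MARTIANS:
        if addr in net:
            return str(net)
    return None

def summarize(sources):
    """Count hits per prefix and return (Counter, bogon share of all sources)."""
    hits = Counter()
    for src in sources:
        prefix = bogon_prefix(src)
        if prefix is not None:
            hits[prefix] += 1
    share = sum(hits.values()) / len(sources) if sources else 0.0
    return hits, share

# Constructed sample of observed source addresses (not data from the study).
SAMPLE_SOURCES = [
    "127.1.2.3", "10.44.0.9", "8.8.8.8", "192.168.1.77", "1.1.1.1",
    "240.0.0.5", "172.31.255.254", "172.32.0.1", "not-an-ip", "169.254.10.10",
]

if __name__ == "__main__":
    hits, share = summarize(SAMPLE_SOURCES)
    for prefix, count in hits.most_common():
        print(f"{prefix:18} {count}")
    print(f"bogon share: {share:.2%}")
```
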