Re: DNS Server DoS Attacks

["John S. Quarterman" <jsq@matrix.net>]

[ post by non-subscriber.  with the massive amount of spam, it is easy to
  miss and therefore delete mis-posts.  so fix subscription addresses! ]

>I thought that was the most likely situation.
>
>There may also have been measurement problems due to ISPs turning off
>transport of ICMP pings and due to ICMP packets being preferentially
>dropped which would explain some of the measurements.

Do you have evidence for either of those things?
If not, it would be best not to base architecture on speculation.

-jsq

>> -----Original Message-----
>> From: John S. Quarterman [mailto:jsq@matrix.net]
>> Sent: Monday, November 25, 2002 11:37 AM
>> To: Hallam-Baker, Phillip
>> Cc: John S. Quarterman; 'D. J. Bernstein'; namedroppers@ops.ietf.org
>> Subject: Re: DNS Server DoS Attacks 
>> 
>> 
>> > Second it would be useful to know which systems (if any) 
>> went down. To
>> > date I know the identity of 5 of the 4 servers that stayed 
>> up and do not
>> > know the identity of a single machine that went down.
>> 
>> All 13 root DNS servers were up during the DDoS attack of 
>> 22-23 October 2002.
>> 3 of them turned off ICMP ECHO responses, but were responding 
>> to DNS requests.
>> There were side effects on Internet performance elsewhere.
>> 
>> -jsq



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>