DNS Amplification Attacks... and a trivial proposal

Tony Finch dot at dotat.at
Fri Jun 14 09:39:08 UTC 2013

Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> P.P.S.  Yes, yes, I _am_ aware... as someone will surely point out...
> that part (1) above contains the seed of potential abuse.  A malicious
> prankster could, in theory, send spoofed packets of type (1) above to
> lots and lots of DNS servers which he believes that his real victim, A,
> might be needing to send legitimate DNS/UDP queries to... and needing
> to get legitimate DNS/UDP queries back from... in the near/immediate future.

More amusingly, what if you send lots of these packets to an authoritative
name server spoofed "from" legitimate resolvers? The authoritative server
then has to shift a large proportion of its responses to TCP, which might
cause problems.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

More information about the bind-users mailing list