On 8 March 2006 14:58:20 -0500 gboyce <[EMAIL PROTECTED]> wrote:
> On Wed, 8 Mar 2006, Security Lists wrote:
>
>> Sorry, I don't see this as amplification in your example, because YOUR
>> dns servers are 100% of the traffic. 1:1 ratio.
>
> Once the first request to the nameservers is ma
Subject: RE: [Full-disclosure] Re: recursive DNS servers DDoS as a growing DDoS problem
Correct me if I'm wrong, but I was under the impression that DNS
responses that go over the max size of a UDP datagram won't get split
into multiple UDP datagrams. Rather, a response with only partial
data will be sent back, and the client has to reconnect over TCP to
get the full data.
RFC 2671
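To make the truncation point above concrete, here is an added Python example (not code from anyone in this thread) that builds a TXT query with and without an RFC 2671 EDNS0 OPT record, feeds it to a constructed responder that sets TC instead of splitting a reply across datagrams, and reports the response/query byte ratio. The 1000-byte record and the 4096-byte EDNS0 payload size are constructed values for illustration.

```python
import struct

TXT, OPT = 16, 41

def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name: str, edns_udp_size: int = 0) -> bytes:
    """Minimal TXT query. edns_udp_size > 0 appends an EDNS0 OPT RR (RFC 2671)
    advertising how large a UDP reply the client is willing to accept."""
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", TXT, 1)
    if edns_udp_size:
        # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_udp_size, 0, 0)
    return msg

def build_txt_response(query: bytes, txt_len: int) -> bytes:
    """Constructed authoritative responder (no OPT echoed, for brevity).
    Answers with one TXT RR of txt_len bytes split into <=255-byte strings.
    If the reply would exceed what the client accepts (512 bytes without
    EDNS0, otherwise the advertised payload size), it sets TC and omits the
    answer rather than fragmenting; the client must retry over TCP
    (RFC 1035 section 4.2.1)."""
    qid, _, qdcount, _, _, arcount = struct.unpack("!HHHHHH", query[:12])
    qend = query.index(b"\x00", 12) + 5            # end of QNAME + QTYPE/QCLASS
    question = query[12:qend]
    limit = struct.unpack("!H", query[qend + 3:qend + 5])[0] if arcount else 512
    rdata = b"".join(bytes([len(c)]) + c for c in
                     (b"A" * min(255, txt_len - i) for i in range(0, txt_len, 255)))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, 1, 300, len(rdata)) + rdata
    flags = 0x8400                                 # QR=1, AA=1
    reply = struct.pack("!HHHHHH", qid, flags, qdcount, 1, 0, 0) + question + answer
    if len(reply) > limit:
        # Too big for UDP: TC=1, question only, no answer section
        reply = struct.pack("!HHHHHH", qid, flags | 0x0200, qdcount, 0, 0, 0) + question
    return reply

def amplification(query: bytes, response: bytes) -> tuple[bool, float]:
    """Return (TC bit set, response bytes / query bytes) for one exchange."""
    tc = bool(struct.unpack("!H", response[2:4])[0] & 0x0200)
    return tc, len(response) / len(query)
```

Without EDNS0 the 1000-byte record comes back truncated at a 1:1 byte ratio; with a 4096-byte OPT payload the same record yields a roughly 26:1 UDP reply, which is where the amplification the thread argues about actually comes from.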
On Wed, 8 Mar 2006, Security Lists wrote:
> Sorry, I don't see this as amplification in your example, because YOUR dns
> servers are 100% of the traffic. 1:1 ratio.
Once the first request to the nameservers is made, the object should be
cached by the nameservers. Instead of one packet to each s
Sorry, I don't see this as amplification in your example, because YOUR
dns servers are 100% of the traffic. 1:1 ratio.
Now, if you get the world to cache your text records, and have THEM
flood with source-spoofed UDP (unrelated to the victim's DNS servers),
that'd work, and is actually a good
>> In the scenario you describe, I cannot see any actual amplification...
I'll give you a scenario where you can see.
Let's say you have 2 name servers that are local to you.
I set up a domain, example.com. In this domain I create a text record which is
100K in length, I don't know, perhaps I paste