On Tue, Mar 26, 2013 at 08:07:22AM -0400, Patrick W. Gilmore wrote: > On Mar 26, 2013, at 08:01 , "Dobbins, Roland" <rdobb...@arbor.net> wrote: > > On Mar 26, 2013, at 6:50 PM, Jamie Bowden wrote: > > > >> let's suppose I just happen to have, or have access to, a botnet comprised > >> of (tens of) millions of random hosts all over the internet, and I feel > >> like destroying your DNS servers via DDoS; > > > > DNS reflection/amplification attacks aren't intended as attacks against the > > DNS, per se; they're intended to crush any/all targeted servers and/or fill > > transit pipes. > > To be more clear, the point of DNS reflection attacks is to amplify the > amount of bandwidth the botnet can muster (and perhaps hide the true source). > > If you have 10s of millions of bots, you don't need to amplify. You can crush > any single IP address on the 'Net. > > > TTFN, > patrick
"You are the Brut Squad!"