On Wednesday 18 October 2006 19:41, Jo Rhett took the opportunity to say:
> Magnus Holmgren wrote:
> > The thing with e.g. the DNS-based DDoS attacks that became common a while
> > ago is that there is a considerable bandwidth amplification; you send a
> > small query packet with a forged sender address, asking for a response
> > that is known to be many times larger, to a large number of recursing
> > nameservers.
>
> Bingo. Very small spam messages with many recipients can get magnified
> by the sending mail servers. This works with e-mail, unlike any other
> TCP-based attack.

How, without open relays? Each MAIL FROM (+RCPT TO, preferably) from the
attacker should cause at most one callout to the victim. OK, the attacker
might have 100 zombies on different ISPs, with each ISP's smarthost helping
amplify the attack a bit. But does that really count? The servers making the
callouts aren't the ones which are amplifying.

-- 
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)