The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


DNS Amplification Attacks


<< Previous INDEX Search src / Print Next >>
Date: Sat, 18 Mar 2006 00:00:24 +0200
From: Gadi Evron <ge@linuxbox.org.>
To: [email protected]
Subject: DNS Amplification Attacks
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Fri, 17 Mar 2006 16:04:03 -0600 (CST)
X-Virus-Scanned: antivirus-gw at tyumen.ru

In this paper we address in detail how the recent DNS DDoS attacks work.
How they abuse name servers, EDNS, the recursive feature and UDP packet 
spoofing, as well as how the amplification effect works.

Our study is based on packet captures (we provide with samples) and logs 
from attacks on different networks reported to have a volume of 2.8Gbps. 
One of these networks indicated some attacks have reached as high as 
10Gbps and used as many as 140,000 exploited name servers.

In the conclusions we also discuss some remediation suggestions.

Given recent events, we have been encouraged to make this text available 
at this time.

URL: http://www.isotf.org/news/DNS-Amplification-Attacks.pdf

Please note that this version of this paper is prior to submission for 
publication and that the final version may see significant revisions.

Thanks,

Randy Vaughn and Gadi Evron.


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру