List:       dns-operations
Subject:    [dns-operations] dealing with DDoS/amplification attacks
From:       jim () rfc1035 ! com (Jim Reid)
Date:       2012-06-18 12:15:57
Message-ID: CEF7F1E7-5601-4B43-8873-55FC69222367 () rfc1035 ! com

On 18 Jun 2012, at 12:36, Kostas Zorbadelos wrote:

> Stephane Bortzmeyer <bortzmeyer at nic.fr> writes:
>
>> If you don't do ingress filtering, it still allows people to attack
>> your users (they can send from the outside a "ANY ripe.net" query
>> claiming to be from a local machine).
>
> The same is true if you have open resolvers / forwarders in your  
> networks (problem CPEs for example) and they accept spoofed queries  
> from the outside.
> What is the proposed mitigation for the ISP caching resolver in  
> these cases?

Don't do that. :-)

If the attack packets have a format that can easily be filtered to
/dev/null, it should be possible (handwave, handwave!) to make a
firewall or router drop these at the ingress point(s) into your network.

And then go chase the upstream providers who are dumping this crap on  
you.

Statements of the bleedin' obvious...
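
The ingress check discussed in this thread (a query arriving from outside that claims a local source address, such as the "ANY ripe.net" case), written as a small packet classifier. This is an added example, not part of the original message; the prefixes, interface labels and verdict names are assumptions, and the sample query is constructed.

```python
import ipaddress
import struct

# Assumed local prefixes (documentation ranges, constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("2001:db8::/32")]
QTYPE_ANY = 255

def parse_question(payload: bytes):
    """Return (qname, qtype) of the first question in a DNS query, else None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:   # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None                 # pointer or overrun: treat as unparseable
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):          # need root label plus QTYPE and QCLASS
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels).lower() + ".", qtype

def ingress_verdict(iface: str, src_ip: str, payload: bytes) -> str:
    """Verdict for a UDP/53 packet seen on iface ("external" or "internal")."""
    src = ipaddress.ip_address(src_ip)
    if iface == "external" and any(src in net for net in INTERNAL_NETS):
        return "drop-spoofed"           # a local source cannot arrive from outside
    question = parse_question(payload)
    if question is None:
        return "unparsed"
    if iface == "external" and question[1] == QTYPE_ANY:
        return "flag-any"               # candidate for a filter or rate limit
    return "accept"

def build_query(qname: str, qtype: int) -> bytes:
    """Build a constructed sample query; used only to exercise the code above."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = qname.strip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)
```

The source-address test runs before any DNS parsing, so a spoofed packet is rejected on its addressing alone regardless of what it asks for.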



