DNS DoS ???
On Aug 1, 2011, at 9:22 AM, Mark Andrews wrote:
> And even if DNS/TCP was used by default, machines can still get DoS'd because IP is spoofable.
They can be DDoSed with spoofed or non-spoofed packets, and there are defenses against such attacks.
Apologies if I was unclear - my point was that huge, crushing, multi-gigabit-per-second DNS reflection/amplification attacks would no longer be possible with a TCP-only DNS, and that there would be other benefits, as well. Large-scale testing of TCP-only DNS would be quite informative, IMHO.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde