
Re: [opennic-discuss] DDOS, open resolvers, how to solve?


  • From: "Alex M (Coyo)" <coyo AT darkdna.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] DDOS, open resolvers, how to solve?
  • Date: Wed, 30 Oct 2013 00:28:32 -0500

Julian DeMarchi wrote:
On 10/30/2013 02:24 PM, Christopher wrote:
I don't suppose anyone would know how possible it is to make an OS use
TCP connections for DNS? That way the DNS server could only listen on
TCP which negates most DDoS attacks I've read about here (DNS request
with spoofed source to reflect packets). I suppose the easiest way
would be to run a local resolver/proxy that can use TCP. Would this
help at all or are there other attacks?
The attacks in question work because they use TCP. The trick for the
attackers is to request a record that is over 4096 bytes and this is in
the wild now.

How in the heck would that work? Wouldn't SYN cookies cancel out any TCP trickery?

Besides, even if you fake the source address, don't you need to send acknowledgements?
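An added toy model of the point argued over in this thread (example code written for this page, not from any poster or from OpenNIC): a spoofed-source query to an open UDP resolver is answered in full to the victim, while a TCP-only resolver using SYN cookies only ever emits a SYN-ACK, because the attacker never sees the cookie and so cannot complete the handshake. Packet sizes, addresses and the secret are constructed values.

```python
import hmac
from dataclasses import dataclass

SECRET = b"constructed-resolver-secret"  # constructed; a real kernel rotates this
QUERY = 64      # constructed: bytes in a small query asking for a large record
ANSWER = 4096   # constructed: the >4096-byte response mentioned in the thread
TCP_HDR = 60    # constructed: size of a bare SYN / SYN-ACK / ACK segment

@dataclass
class Pkt:
    src: str
    dst: str
    size: int
    kind: str          # "query", "answer", "syn", "synack", "ack"
    cookie: str = ""

def syn_cookie(src: str, dst: str) -> str:
    """SYN cookie: the server keeps no state, only a keyed hash it can recompute."""
    return hmac.new(SECRET, f"{src}>{dst}".encode(), "sha256").hexdigest()[:8]

def udp_resolver(pkt: Pkt) -> list:
    """Open UDP resolver: it answers whatever source address the datagram claims."""
    return [Pkt(pkt.dst, pkt.src, ANSWER, "answer")] if pkt.kind == "query" else []

def tcp_resolver(pkt: Pkt, established: set) -> list:
    """TCP-only resolver with SYN cookies: data is served only after a valid ACK."""
    if pkt.kind == "syn":
        return [Pkt(pkt.dst, pkt.src, TCP_HDR, "synack", syn_cookie(pkt.src, pkt.dst))]
    if pkt.kind == "ack" and hmac.compare_digest(pkt.cookie, syn_cookie(pkt.src, pkt.dst)):
        established.add(pkt.src)
    if pkt.kind == "query" and pkt.src in established:
        return [Pkt(pkt.dst, pkt.src, ANSWER, "answer")]
    return []  # segment for an unknown connection is simply dropped

def _tally(sent: list, out: list, victim: str) -> dict:
    s = sum(p.size for p in sent)
    r = sum(p.size for p in out if p.dst == victim)
    return {"sent": s, "reflected": r, "amplification": round(r / s, 2)}

def reflect_udp(victim: str, resolver: str) -> dict:
    """One spoofed datagram; the whole answer lands on the victim."""
    sent = [Pkt(victim, resolver, QUERY, "query")]
    return _tally(sent, udp_resolver(sent[0]), victim)

def reflect_tcp(victim: str, resolver: str) -> dict:
    """Spoofed SYN: the SYN-ACK (and its cookie) goes to the victim, so the
    attacker can only guess the cookie, and the forged query is never answered."""
    est: set = set()
    sent = [Pkt(victim, resolver, TCP_HDR, "syn"),
            Pkt(victim, resolver, TCP_HDR, "ack", cookie="00000000"),  # blind guess
            Pkt(victim, resolver, QUERY, "query")]
    out = [p for s in sent for p in tcp_resolver(s, est)]
    return _tally(sent, out, victim)
```

The UDP case yields a 64x amplification toward the victim; the TCP case reflects only one small SYN-ACK, which is the reason a spoofed source cannot drive a large TCP response.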


