North American Network Operators Group

Re: DNS dDos Attack!

  • From: Kevin Houle
  • Date: Fri Mar 28 09:58:29 2003


--On Friday, March 28, 2003 09:28:48 AM -0500 Dan Armstrong <[email protected]> wrote:

> Sorry, I lied.  We are running 8.34Release
>
> What I cannot figure out is why *our* name server is sending out ICMP
> unreachables.  The incoming dns queries are coming from random
> destinations....

Are you sure the inbound attack packets are really valid queries, or are
they responses? I ask because in the classic DDoS-via-nameservers attack,
the victim will receive answers from a slew of other nameservers and send
out ICMP unreachables. See

 http://www.cert.org/incident_notes/IN-2000-04.html

Kevin
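
An added example, not part of the original message: one way to answer the query-versus-response question from a capture is to read the QR bit in each DNS header and check responses against queries the server actually sent. The addresses, transaction IDs, sample packets and the `OUTSTANDING` set are constructed for illustration.

```python
import struct
from collections import Counter

def dns_header(payload: bytes):
    """Parse the fixed 12-byte DNS header; return None if the payload is truncated."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    # QR is the top bit of the flags word: 0 = query, 1 = response.
    return {"id": txid, "qr": flags >> 15, "qdcount": qdcount, "ancount": ancount}

def classify_inbound(packets, outstanding):
    """packets: iterable of (src_ip, udp_payload) seen arriving at the name server.
    outstanding: set of (server_ip, txid) for queries this host really sent.
    Returns a Counter keyed by query / solicited_response /
    unsolicited_response / malformed."""
    tally = Counter()
    for src_ip, payload in packets:
        hdr = dns_header(payload)
        if hdr is None:
            tally["malformed"] += 1
        elif hdr["qr"] == 0:
            tally["query"] += 1
        elif (src_ip, hdr["id"]) in outstanding:
            tally["solicited_response"] += 1
        else:
            # An answer to a question we never asked: the pattern a host sees
            # when its address was spoofed as the source of queries elsewhere.
            tally["unsolicited_response"] += 1
    return tally

def _hdr(txid, qr, ancount=0):
    """Build a constructed 12-byte DNS header (RD set, one question)."""
    flags = (qr << 15) | 0x0100
    return struct.pack("!6H", txid, flags, 1, ancount, 0, 0)

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    ("192.0.2.10", _hdr(0x1A2B, 0)),        # ordinary inbound query
    ("198.51.100.5", _hdr(0x0001, 1, 1)),   # response to a query we sent
    ("203.0.113.7", _hdr(0x4444, 1, 3)),    # response with no matching query
    ("203.0.113.8", _hdr(0x5555, 1, 2)),    # response with no matching query
    ("203.0.113.9", b"\x00\x01"),           # too short to be a DNS message
]
OUTSTANDING = {("198.51.100.5", 0x0001)}

if __name__ == "__main__":
    for kind, count in classify_inbound(SAMPLE, OUTSTANDING).items():
        print(f"{kind}: {count}")
```

A tally dominated by `unsolicited_response` means the inbound packets are answers rather than queries.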