On 14 Apr 2021, at 01:48, Anand Buddhdev <ana...@ripe.net> wrote:
> This is a short-sighted opinion. If just one authoritative server sends
> out REFUSED responses towards an innocent, it won't matter. But if 1000
> authoritative servers all send out REFUSED responses towards an innocent
> IP address, their combined volume and packet rate *is* significant.

Is it?

How big is a REFUSED response?

Even if it is 100 bytes (and I think it is not that large, but I cannot find 
it), 1000 refused would be 100K.

How many thousands of servers do you need in this "DDoS" to overwhelm a pretty 
average connection? (My home connection is only 200Mbps down).

Granted, a million machines would be generating 100MB of data, which is 
insignificant, but the number of packets at that scale would probably be an 
issue. But is a million servers realistic?

I don't think calling this a DDoS is accurate. It is more likely there is a 
known exploit for some servers and they are probing or it is some script kiddie 
just blasting out packets hoping to get lucky.

-- 
"Are you pondering what I'm pondering?"
"I think so, Mr. Brain, but if the sun'll come out tomorrow, what's
        it doing right now?"

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

