On Mar 31, 2013, at 7:58 AM, Jim Reid <[email protected]> wrote:

> In this case, DDoS attackers would get those truncated responses sent to
> their victims. OK, they lose the amplification factor but they still get to
> flood the victim(s) with unsolicited traffic.
Just to be clear, this is true for any open UDP server of any sort, not just DNS servers. There are two reasons why attackers use open DNS resolvers for attacks:

a) amplification
b) inability of the target to find the real source

The proposal of "if open, must do TCP" fixes both of these for the DNS protocol, but does not solve (b), and probably not (a), for the Internet.

--Paul Hoffman
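To make the trade-off in this exchange concrete, here is an added example (not code from the thread or from any resolver) that builds the UDP side of an "if open, must do TCP" policy: every UDP query gets an empty, TC=1 response that echoes only the question, and the amplification factor is measured against the query. The query builder, the constructed query names, and the EDNS payload size of 4096 are assumptions for the demonstration.

```python
import struct

# DNS header flag bits (RFC 1035 / RFC 6891)
QR = 0x8000  # response
TC = 0x0200  # truncated: client should retry over TCP
RD = 0x0100  # recursion desired


def build_query(qname, qtype=255, txid=0x1234, edns=False):
    """Constructed sample query (QTYPE 255 = ANY, the classic amplifier)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.strip(".").split("."))
    question = labels + b"\x00" + struct.pack(">HH", qtype, 1)
    arcount = 1 if edns else 0
    header = struct.pack(">HHHHHH", txid, RD, 1, 0, 0, arcount)
    msg = header + question
    if edns:  # OPT RR: root name, type 41, UDP payload size 4096, TTL 0, no RDATA
        msg += b"\x00" + struct.pack(">HHIH", 41, 4096, 0, 0)
    return msg


def question_end(msg, off=12):
    """Offset just past the single question section (queries use no compression)."""
    while msg[off] != 0:
        off += 1 + msg[off]
    return off + 1 + 4  # terminating zero + QTYPE + QCLASS


def truncated_reply(query):
    """What an open resolver sends over UDP under 'must do TCP': the question
    echoed back with QR and TC set and no answer records. Any OPT record in the
    query is dropped, so the reply can only be as large as the question."""
    txid, flags = struct.unpack(">HH", query[:4])
    resp_flags = QR | TC | (flags & RD) | (flags & 0x7800)  # keep opcode and RD
    header = struct.pack(">HHHHHH", txid, resp_flags, 1, 0, 0, 0)
    return header + query[12:question_end(query)]


def amplification(query, response):
    """Bytes reflected toward the (possibly spoofed) source per byte of query."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_query("example.com", edns=True)
    r = truncated_reply(q)
    print(len(q), len(r), amplification(q, r))
```

The ratio stays at or below 1.0, which is Jim Reid's point: the amplification is gone, but the reflected packet still lands on whatever source address was forged.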
