[colug-432] DNS Amplification Attack

Travis Sidelinger travissidelinger at gmail.com
Tue Apr 2 01:38:20 EDT 2013


Your DNS server responds to UDP packets, which can be used by spoofing the
source address of a UDP packet to attack another network.  DNS is simply a
popular UDP service.  Thus, this is more of a firewall issue.  Your
firewall needs to ensure your UDP traffic is not being spoofed.  Unless you
are an ISP, there is not much you can do there.  Rob's advice is good, but
won't fundamentally fix this issue.  Disabling UDP or enforcing DNSSEC
would resolve the issue, but may have challenges of their own.  I'd
recommend slaving your DNS to an ISP and letting them deal with this.

-Travis


On Tue, Apr 2, 2013 at 12:47 AM, Rick Troth <rmt at casita.net> wrote:

> Can someone explain to me how a DNS server is "open" to a DNS
> "amplification attack"?
>
> If I understand the basic concept, the reply addr is bogus (and is the
> target of the attack).  What I don't understand is how I'm supposed to
> secure my DNS server from assisting the bad guys.  If my DNS server is
> supposed to answer queries for my domain, how do I ensure that it only
> handles legit queries?
>
>
> --
> -- R;   <><



-- 
"A careful reading of history clearly demonstrates ...
that people don't read history carefully.”

“We can't solve problems by using the same kind of thinking we used when we
created them.”
—Albert Einstein
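
Added example, not part of the original thread: a sketch of the source-address check a site border firewall can apply to UDP/53 traffic, and of the case it cannot decide. The prefixes, the "lan"/"wan" interface names and the packets are constructed for illustration.

```python
# Added illustration: source-address validation for UDP/53 at a site border.
# Prefixes, interface names and packets below are constructed, not from the thread.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SITE_PREFIXES = [ip_network("192.0.2.0/24")]          # assumed: prefixes we own
BOGONS = [ip_network(n) for n in                       # never valid from outside
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    in_iface: str  # "lan" = arrived from inside, "wan" = arrived from outside
    src: str
    dst: str
    dport: int = 53

def _in_any(addr, networks):
    return any(addr.version == n.version and addr in n for n in networks)

def verdict(pkt: Packet) -> str:
    """Return 'accept' or 'drop:<reason>' for one packet."""
    src = ip_address(pkt.src)
    ours = _in_any(src, SITE_PREFIXES)
    if pkt.in_iface == "lan" and not ours:
        return "drop:egress-spoofed-source"       # inside host forging a foreign source
    if pkt.in_iface == "wan" and ours:
        return "drop:ingress-internal-source"     # our address cannot arrive from outside
    if pkt.in_iface == "wan" and _in_any(src, BOGONS):
        return "drop:ingress-bogon-source"
    # A routable foreign source arriving on "wan" may still be forged; only the
    # network where the packet originated can tell, so the site must accept it.
    return "accept"

SAMPLES = [  # constructed traffic
    Packet("lan", "192.0.2.25", "198.51.100.53"),
    Packet("lan", "203.0.113.9", "198.51.100.53"),
    Packet("wan", "192.0.2.10", "192.0.2.53"),
    Packet("wan", "10.1.2.3", "192.0.2.53"),
    Packet("wan", "203.0.113.77", "192.0.2.53"),
]

def classify(packets=SAMPLES):
    return [(p.in_iface, p.src, verdict(p)) for p in packets]

if __name__ == "__main__":
    for iface, src, result in classify():
        print(f"{iface:3} {src:>15}  {result}")
```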