[Info-vax] DNS DDoS against TCPIP$BIND_SERVER
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Tue Oct 30 15:25:45 EDT 2012
On 2012-09-29 12:57:26 +0000, Stephen Hoffman said:
> ...For those following this discussion at home, this is probably a
> generic DNS reflection attack, using open DNS servers to amplify
> somebody's DDoS.
>
> The reflection attack? The ~fifty bytes of a spoofed DNS query can
> beget ten or twenty times that in a response message aimed at the DDoS
> target. Or sometimes much more, depending on the DNS server and its
> configuration...
Another write-up on why a wide-open DNS server isn't a good idea:

http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack

One or both of the suggested changes within your TCP/IP Services DNS
server configuration can reduce the likelihood that your OpenVMS DNS
server will be participating in one of these events. Or (as I've
mentioned elsewhere) configure a gateway-firewall, and don't directly
expose your OpenVMS server to the Internet.
--
Pure Personal Opinion | HoffmanLabs LLC
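
Added example, not part of the original message: a check an administrator can run over a reply captured from their own DNS server, queried from an address outside its intended client range, to see whether it offers recursion to strangers and how much larger the reply is than the query. The function names, the example.com query and both sample replies are constructed for illustration; the ratio compares DNS payload sizes only.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal recursive (RD=1) DNS query for `name` (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def audit_response(query, response):
    """Classify one reply from a server you operate, as seen from outside."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if response[:2] != query[:2] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F               # 0 = NOERROR, 5 = REFUSED
    ra = bool(flags & 0x0080)            # RA bit: server offers recursion
    return {
        "rcode": rcode,
        "recursion_available": ra,
        "answers": answers,
        # Recursion offered and actually answered for an outside client.
        "open_recursion": ra and rcode == 0 and answers > 0,
        # Reply bytes per query byte: what a reflector hands to a spoofed source.
        "amplification": round(len(response) / len(query), 1),
    }

def _sample_response(query, flags, answers):
    """Constructed reply: header + echoed question + `answers` A records."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)   # name ptr, A, IN, TTL, len
    body = b"".join(rr + bytes([192, 0, 2, i + 1]) for i in range(answers))
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    return header + query[12:] + body

# Constructed sample data, not captured traffic.
QUERY = build_query("example.com")
OPEN_REPLY = _sample_response(QUERY, 0x8180, 20)     # QR+RD+RA, NOERROR
REFUSED_REPLY = _sample_response(QUERY, 0x8105, 0)   # QR+RD, REFUSED, no RA

if __name__ == "__main__":
    for label, reply in (("open", OPEN_REPLY), ("restricted", REFUSED_REPLY)):
        print(label, audit_response(QUERY, reply))
```

A server that has been restricted should produce the second kind of result for outside clients: REFUSED, no answers, and a reply no larger than the query.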