[AusNOG] Why BCP38 is important
Dobbins, Roland
rdobbins at arbor.net
Fri Nov 2 20:30:13 EST 2012
On Nov 2, 2012, at 3:51 PM, Mark Smith wrote:
> The article is a bit incorrect in concluding that the only cause is DNS resolvers available to anybody, it is also because the hosts that are used
> in the DDoS can spoof source addresses, causing the DNS resolver replies to be sent instead to DDoS attack victim.
As well as EDNS0.
All three of these issues - the ability to spoof, open recursors, and EDNS0 - are what facilitate DNS reflection/amplification attacks.
I was interviewed for a similar set of articles, and the journalists in those cases also elected to leave out the bits about anti-spoofing and EDNS0, for some reason.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the AusNOG
mailing list