Very informative post, quota free tunnels is also very interesting, I've always been on the lookout for 'clever' things like this or DNS tunneling :D<br><br><div class="gmail_quote">On Fri, Nov 2, 2012 at 7:51 PM, Mark Smith <span dir="ltr"><<a href="mailto:markzzzsmith@yahoo.com.au" target="_blank">markzzzsmith@yahoo.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">"Open DNS resolvers behind gigantic DDoS"<br>
<a href="http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx" target="_blank">http://www.itnews.com.au/News/321618,open-dns-resolvers-behind-gigantic-ddos.aspx</a><br>
<br>
<br>
The article is a bit incorrect in concluding that the only cause is DNS<br>
resolvers available to anybody, it is also because the hosts that are used<br>
in the DDoS can spoof source addresses, causing the DNS resolver replies<br>
to be sent instead to DDoS attack victim.<br>
<br>
If you're unfamiliar with BCP38, please read the following and then implement <br>
it to help prevent these sorts of attacks.<br>
<br>
"Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"<br>
<a href="http://tools.ietf.org/html/bcp38" target="_blank">http://tools.ietf.org/html/bcp38</a><br>
<br>
<br>
For ISPs, BCP38 will also prevent the "quota free tunnels" presented by Warren at this year's Ausnog:<br>
<br>
Using a lack of source address filtering to create 'quota-free' tunnels between collaborators<br>
<a href="http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf" target="_blank">http://www.ausnog.net/images/ausnog-2012/presentations/05-ausnog2012-WarrenHarrop.pdf</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div><br>