[AusNOG] Why BCP38 is important

Dobbins, Roland rdobbins at arbor.net
Fri Nov 2 20:30:13 EST 2012


On Nov 2, 2012, at 3:51 PM, Mark Smith wrote:

> The article is a bit incorrect in concluding that the only cause is DNS resolvers available to anybody, it is also because the hosts that are used
> in the DDoS can spoof source addresses, causing the DNS resolver replies to be sent instead to the DDoS attack victim.

As well as EDNS0.  

All three of these issues - the ability to spoof, open recursors, and EDNS0 - are what facilitate DNS reflection/amplification attacks.

I was interviewed for a similar set of articles, and the journalists in those cases also elected to leave out the bits about anti-spoofing and EDNS0, for some reason.  

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
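
Added example, not part of the original message: a Python check a resolver operator could run over a response captured from their own server to see two of the three factors named above, namely whether recursion is offered (the RA flag) and whether EDNS0 advertises a UDP payload size above the classic 512 bytes. The function names are hypothetical and both sample messages are constructed.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:              # root label ends the name
            return off + 1
        off += 1 + length

def audit_response(msg):
    """Report the resolver-side factors visible in one DNS response."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4        # QTYPE + QCLASS
        edns_size = None
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == 41:                      # OPT pseudo-RR (EDNS0)
                edns_size = rclass               # CLASS field = advertised UDP size
    except (struct.error, IndexError):
        raise ValueError("truncated or malformed DNS message")
    return {
        "recursion_available": bool(flags & 0x0080),   # RA bit
        "edns0_udp_size": edns_size,
        "above_512": edns_size is not None and edns_size > 512,
    }

# Constructed samples: "example.com A" answered with recursion + EDNS0 (4096),
# and the same question refused by a resolver that offers neither.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
OPEN_SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1) + QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
               + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0))
CLOSED_SAMPLE = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for name, msg in (("open", OPEN_SAMPLE), ("closed", CLOSED_SAMPLE)):
        print(name, audit_response(msg))
```

A response with `recursion_available` set is only a finding when the query came from an address outside the resolver's intended client range; the third factor, spoofing, is addressed at the network edge by BCP38 filtering rather than on the resolver.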



