[AusNOG] Attacks against DNS servers...

Mark Tees marktees at gmail.com
Tue Sep 11 11:45:38 EST 2012


Morning Noggers,

I am curious about what filtering could be done in a distributed attack scenario against authoritative DNS servers, assuming attack traffic is coming in the form of requests that look legitimate.

If your DNS system is running on IP space in an anycast fashion I guess this would spread the load out a bit depending on the number of nodes.

However, what could you scrub/filter on? Perhaps by trying to keep track of source IPs, the time between requests, and the content of the requests? Though, all of that could change quickly to suit the attack.

Thoughts out there?

Mark
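
One way to do the tracking the message asks about (source IPs, time between requests, request content), as an added example that is not part of the original post: a token bucket keyed on source prefix and query name, run over constructed query records. The thresholds, the /24 and /56 grouping and all names are assumptions.

```python
import ipaddress
from collections import defaultdict

RATE = 4.0   # tokens refilled per second per bucket (assumed threshold)
BURST = 8.0  # bucket capacity, i.e. tolerated burst (assumed threshold)

def bucket_key(src_ip, qname):
    """Group sources by /24 (IPv4) or /56 (IPv6) and by normalised query name."""
    ip = ipaddress.ip_address(src_ip)
    prefix = 24 if ip.version == 4 else 56
    net = ipaddress.ip_network(f"{src_ip}/{prefix}", strict=False)
    return (str(net), qname.lower().rstrip("."))

def over_limit(queries, rate=RATE, burst=BURST):
    """queries: time-ordered (timestamp_seconds, src_ip, qname) tuples.
    Returns {bucket_key: count of queries that found the bucket empty}."""
    tokens = defaultdict(lambda: burst)
    last_seen = {}
    dropped = defaultdict(int)
    for ts, src, qname in queries:
        key = bucket_key(src, qname)
        elapsed = ts - last_seen.get(key, ts)  # time between requests
        last_seen[key] = ts
        tokens[key] = min(burst, tokens[key] + elapsed * rate)
        if tokens[key] >= 1.0:
            tokens[key] -= 1.0    # within budget: answer normally
        else:
            dropped[key] += 1     # over budget: candidate for drop/truncate
    return dict(dropped)

def constructed_sample():
    """Constructed data: two hosts in one /24 sending 32 qps for 2 s,
    plus one resolver asking once per second for 20 s."""
    flood = [(n / 32, ("192.0.2.10", "192.0.2.77")[n % 2], "Example.com.")
             for n in range(64)]
    quiet = [(float(n), "198.51.100.5", "www.example.com.") for n in range(20)]
    return sorted(flood + quiet)

if __name__ == "__main__":
    for key, count in over_limit(constructed_sample()).items():
        print(key, "queries over limit:", count)
```

Because the key includes the source prefix, this only helps while source addresses are stable; it limits load per bucket and does not by itself tell legitimate resolvers from attack traffic.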

