[c-nsp] DNS amplification

Laurent Geyer geyer.laurent at gmail.com
Sat Mar 16 18:59:25 EDT 2013


Curious, how does uRPF help under this scenario? Although the source address is spoofed, the target is still a valid destination address.
--
Laurent

On Sat, Mar 16, 2013 at 6:38 PM, David Rothera <david.rothera at gmail.com>
wrote:

> Depends on whether you want to defeat being the person being attacked or
> the person being "tricked" into being the person doing the amplification
> attack.
> For stopping being attacked without taking services from your upstream
> provider the only thing you can do really is police DNS traffic as uRPF
> isn't going to be of much help as it will generally be coming from the
> correct ingress interface.
> As far as stopping being the attacker as others have said use uRPF and
> limit your resolvers to only allow access from hosts within your own AS.
> David
> On Saturday, March 16, 2013, harbor235 wrote:
>> Can anyone provide insight into how to defeat DNS amplification attacks?
>>
>>
>> thanks,
>>
>> Mike
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> -- 
> David Rothera
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
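
The distinction drawn in the quoted reply, as an added example that is not part of the original thread: a small model of a strict uRPF check and a resolver recursion ACL, showing where each one acts. All addresses, interface names and routing tables are constructed for illustration (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

def lookup(fib, addr):
    """Longest-prefix match: return the interface of the best route to addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_strict(fib, src, in_iface):
    """Strict uRPF: accept only if the best route back to src uses in_iface."""
    return lookup(fib, src) == in_iface

def recursion_allowed(client, own_prefixes):
    """Resolver ACL: recurse only for clients inside our own prefixes."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(p) for p in own_prefixes)

# Constructed sample data (assumptions, not from the thread)
VICTIM = "203.0.113.10"          # address forged into the query's source field
RESOLVER = "198.51.100.53"       # resolver that sends the large response
CUSTOMER_HOST = "192.0.2.77"     # host behind the edge where spoofing starts
SOURCE_EDGE_FIB = [("192.0.2.0/24", "cust0"), ("0.0.0.0/0", "upstream0")]
VICTIM_EDGE_FIB = [("203.0.113.0/24", "lan0"), ("0.0.0.0/0", "upstream0")]
RESOLVER_OWN_PREFIXES = ["198.51.100.0/24"]

def scenario():
    return {
        # Forged source arrives on the customer port, but the route back to
        # it points upstream, so the edge nearest the sender drops it.
        "spoofed_query_at_source_edge": urpf_strict(SOURCE_EDGE_FIB, VICTIM, "cust0"),
        "honest_query_at_source_edge": urpf_strict(SOURCE_EDGE_FIB, CUSTOMER_HOST, "cust0"),
        # The response carries the resolver's real source and arrives on the
        # expected interface, so uRPF at the victim's edge accepts it.
        "reflected_response_at_victim_edge": urpf_strict(VICTIM_EDGE_FIB, RESOLVER, "upstream0"),
        # The resolver's ACL refuses recursion for the out-of-network source.
        "resolver_recurses_for_forged_source": recursion_allowed(VICTIM, RESOLVER_OWN_PREFIXES),
    }

if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accept' if accepted else 'drop'}")
```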

