[c-nsp] rate limit dns

Dobbins, Roland rdobbins at arbor.net
Wed Jan 1 07:36:58 EST 2014


On Jan 1, 2014, at 7:27 PM, Gert Doering <gert at greenie.muc.de> wrote:

> Abusing authoritatives is not "the exception", and has not been for over a year.

It is 'the exception' in the context of my previous reply, which had to do with abuse of open recursors.  Agree 100% it isn't rare; that wasn't what I meant, apologies for being unclear.

Direct abuse of authoritative servers using spoofed ANY queries and other spoofed queries intended to generate large responses goes back many years, absolutely.  But we still see lots of attacks utilizing open recursors; direct abuse of authoritative servers hasn't superseded or eliminated the use of open recursors, attacks leveraging open recursors take place every day, as you know.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140101/16e79808/attachment.sig>


More information about the cisco-nsp mailing list