[nsp-sec] AS5430 under attack -- assistance needed
sthaug at nethelp.no
Thu Jul 19 14:37:21 EDT 2012
> > Spoofed source DNS-based amplification attacks are all the rage at the
> > moment, presumably because they give a lot of "bang for the buck", with
> > amplification factors in the 10 to 100 range.
> >
> > Since they are based on spoofed sources (the IP addresses of the victim
> > hosts in your AS), you either need to block the attack traffic on your
> > borders, or get the upstream providers to block it. I recommend opening
> > tickets with your upstream providers ASAP.
>
> Ok, thank you.
>
> So there isn't a list of open resolvers I could drop source packets
> from, or a BGP server publishing such a list?

Cymru publishes per-AS lists of open resolvers. Whether that will help
you right now - well, that depends. Would you be able to sink the extra
traffic if you knew the IP addresses of the open resolvers? Take into
consideration that there are thousands of these open resolvers...

Steinar Haug, AS 2116