[nsp-sec] GoDaddy DDOS details ?
sthaug at nethelp.no
sthaug at nethelp.no
Mon Sep 10 16:16:26 EDT 2012
> >> Does anyone have details on the attack ? Target(s) ? Looking at my
> >> flows, I dont see anything obvious jumping out (e.g larger than 500byte
> >> packets with suspicious ephemeral ports etc)
>
> I thought the typical attack against DNS these days was port 53, sub-512-byte packets, i.e. standard DNS queries?
A spoofed source amplification attack, which has been a very popular
type of attack lately, will work just as well against DNS servers as
anything else. So that would be *my* guess, without knowing any more
details...
Steinar Haug, AS 2116
More information about the nsp-security
mailing list