31 Jul 2012, 11:37 a.m.
Hi,
We've been seeing large (100gb/sec+) DNS reflection/amplification attacks for years. Yes, the attacker will identify a big TXT record, or he will execute an ANY query (blocking ANY queries during an attack is a rational response, although this will break qmail), or he will query any DNSSEC-enabled server and be guaranteed that the minimum response size he will get will be at least 1300 bytes. We see all of this routinely. It's always interesting to me that Arbor seems to be the only one who "routinely" sees those in the wild. One could almost think that there is a business driver somewhere there ...
Regards, Wolfgang