On a related note, I've been running an Urban Terror game server open to
the internet at our community house and seeing very high traffic occasionally
(mostly outbound, fully saturating our ADSL). It took me longer than it
should have to figure out what was going on; it seems that the Urban Terror
server can be exploited as a UDP traffic amplifier too.
http://www.urbanterror.info/forums/topic/27825-drdos/
On 4 November 2012 17:21, Dobbins, Roland
On Nov 2, 2012, at 4:05 AM, Juha Saarinen wrote:
Are the local open resolvers seen as a problem?
A combination of three things enables DNS reflection/amplification attacks:
1. Lack of anti-spoofing deployed at the customer aggregation edge (shameful in 2012).
2. Open DNS recursors (also shameful in 2012).
3. EDNS0 (necessary).
Before going on a chase for open recursors, it would be a wise investment of time and effort to ensure that one has implemented BCP84 anti-spoofing at one's customer aggregation edge. Without the ability to emit spoofed packets, the open recursors can't be abused in this way.
Also note that DNS reflection/amplification attacks can be initiated without utilizing open recursors, simply by sending spoofed packets directly to authoritative servers. So, deploying anti-spoofing should be the priority.
-----------------------------------------------------------------------
Roland Dobbins // http://www.arbornetworks.com

Luck is the residue of opportunity and design.

-- John Milton
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
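The anti-spoofing point made in the thread, modelled as an added example (not code from any poster): a strict reverse-path check of the kind BCP84 describes, applied at a customer aggregation edge. The routing table, interface names and packets are constructed for illustration and use documentation prefixes only.

```python
import ipaddress

# Constructed FIB for a hypothetical aggregation router: (prefix, interface).
# Interface names are assumptions; prefixes are documentation ranges.
FIB = [(ipaddress.ip_network(p), ifname) for p, ifname in [
    ("198.51.100.0/25", "cust-a"),
    ("198.51.100.128/25", "cust-b"),
    ("203.0.113.0/24", "cust-b"),
    ("0.0.0.0/0", "upstream"),
]]

# Constructed packets seen on customer-facing ports: (arrival iface, src, dst).
PACKETS = [
    ("cust-a", "198.51.100.10", "192.0.2.53"),  # genuine cust-a source
    ("cust-a", "203.0.113.77", "192.0.2.53"),   # claims a cust-b address
    ("cust-a", "192.0.2.200", "192.0.2.53"),    # claims an off-net address
    ("cust-b", "203.0.113.77", "192.0.2.53"),   # genuine cust-b source
]

def best_route(fib, addr):
    """Longest-prefix match; returns the interface toward addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifname) for net, ifname in fib if ip in net]
    return max(matches)[1] if matches else None

def strict_rpf_accept(fib, in_iface, src):
    """Strict mode: the best route back to src must leave via the arrival port."""
    return best_route(fib, src) == in_iface

def filter_packets(fib, packets):
    """Split packets into (forwarded, dropped) by the strict reverse-path check."""
    forwarded, dropped = [], []
    for pkt in packets:
        in_iface, src, _dst = pkt
        bucket = forwarded if strict_rpf_accept(fib, in_iface, src) else dropped
        bucket.append(pkt)
    return forwarded, dropped

if __name__ == "__main__":
    fwd, drp = filter_packets(FIB, PACKETS)
    for pkt in fwd:
        print("forward", pkt)
    for pkt in drp:
        print("drop   ", pkt)
```

Strict mode assumes the route back to a customer uses the same port the customer sends on; BCP84 also covers feasible-path and loose variants for multihomed customers where that does not hold.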