Wednesday, May 3, 2006

DNS Amplification Attacks

Here's a paper (about 6 weeks old) on DNS Amplification Attacks. This sort of attack has panicked certain types, causing them to do odd things with their DNS servers (external and internal) including dedicated functions, employing DNSSEC where it is useless, and/or buying more of the usual snake oil.

I think part of the panic originates in the (improper) assumption that DNS servers are like home computers, in that they think most insecure DNS servers will remain insecure. I think that this is incorrect because DNS servers are usually run by trained personnel and are usually located in network segments where bit usage is purchased at a flat rate. While this sort of attack surfaces periodically, it also goes away periodically as the admins catch on and tighten up their servers. I think the problem returns as admins move on/up and are replaced by newer personnel who also have to learn the hard way.