Avoiding DNS amplification attacks


  1. Avoiding DNS amplification attacks
  2. Who am I?
     - @deassain
     - Security Advisor at a Big 4 company
     - security.stackexchange.com contributor
     - cloud101.eu
  3. What is DNS amplification?
     - Distributed Denial of Service attack
     - Abusing a flaw in the DNS protocol's architecture
     - Spamhaus 300 Gbit/s
  4. Reasons
     - DNS request vs DNS response (UDP)
     - Open resolving name servers
     - No implementation of BCP38
  5. DNS Request vs Response Size
     - 30 byte request → up to 500 byte response
     - 1 Mbit on your machine → 17 Mbit at the target machine
     - Amplification
  6. Open resolvers
     - Resolves DNS queries for any host
     - Spoof UDP source to target IP address
     - Tons of DNS responses end up at the target
     - Get your machines and disable recursion from the internet! (or the crypto bear will kick your ass)
  7. BCP38: Ingress Filtering
     - Works for IPv4
     - http://tools.ietf.org/html/rfc2827
     - Upstream providers only allow traffic for IP blocks for which their clients are configured
     - Cooperation between ISPs
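The mitigation from slide 6 (recursion only for your own clients) can be sketched as the decision a resolver makes per query. This is an added example, not code from the slides: `TRUSTED_CLIENTS`, the function names and the documentation-range addresses are assumptions, and the query is constructed. A refused query gets a reply the same size as the request, so the 30-to-500-byte gain from slide 5 disappears.

```python
import ipaddress
import struct

# Assumption: the only networks allowed to recurse (constructed, RFC 5737 range).
TRUSTED_CLIENTS = [ipaddress.ip_network("192.0.2.0/24")]
QR, OPCODE_RD_MASK, RD, REFUSED = 0x8000, 0x7900, 0x0100, 5


def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal recursive query in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def question_end(packet):
    """Offset just past the first question, or None if it is malformed."""
    i = 12
    while i < len(packet) and packet[i]:
        if packet[i] > 63:               # compression pointer or bad label length
            return None
        i += packet[i] + 1
    end = i + 5                          # root label + QTYPE + QCLASS
    return end if end <= len(packet) else None


def handle_query(packet, src_ip):
    """Return (action, reply_bytes); recursion is offered to trusted clients only."""
    if len(packet) < 12:
        return "drop", b""               # no full header: stay silent
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    end = question_end(packet)
    if flags & QR or qdcount != 1 or end is None:
        return "drop", b""               # not a well-formed single-question query
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in TRUSTED_CLIENTS):
        return "recurse", b""            # hand over to the real resolver
    # Anyone else gets REFUSED: question echoed, no records, RA bit left clear.
    reply_flags = QR | (flags & OPCODE_RD_MASK) | REFUSED
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return "refuse", header + packet[12:end]


def amplification(query, reply):
    """Bytes sent towards the (possibly spoofed) source per byte received."""
    return len(reply) / len(query)
```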
