Re: [DNSOP] draft-ietf-dnsop-reflectors-are-evil-05.txt

Dean Anderson <dean@av8.com> Wed, 12 December 2007 17:07 UTC

Date: Wed, 12 Dec 2007 12:07:43 -0500
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@citation2.av8.net
To: Matt Larson <mlarson@verisign.com>
Subject: Re: [DNSOP] draft-ietf-dnsop-reflectors-are-evil-05.txt
In-Reply-To: <20071210153238.GA435@dul1mcmlarson-l1.verisignlabs.com>
Message-ID: <Pine.LNX.4.44.0712121159380.19981-100000@citation2.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: dnsop@ietf.org

On Mon, 10 Dec 2007, Matt Larson wrote:

> Much against my better judgement, I'm replying to an author who
> repeatedly shows himself incorrigible.  But lest his continued
> repetition of a false claim--that authority servers can be used to
> mount as large an attack as open servers--begin to give it an air of
> truth, I'd like to point out:

We have been over this before. The size of an attack depends only on the
size of the botnet sending queries and the bandwidth available to the
server responding.

Authority servers send the exact same size packet as do recursive 
servers.

Therefore, the exact same attack can be mounted with authority servers.

>   Can you point us to even one 4Kb response from an authoritative
>   server?

This is a frivolous assertion. _Any_ EDNS0-capable authority server can
be legitimately configured to provide an 8kb response.  Some authority
servers are known to provide quite large SPF responses.  The exact list
of authority servers that currently provide large responses is not
necessary to prove my assertions.

Furthermore, once root DNS servers start including IPv6 responses, their
responses will be quite large.  Other authorities will also have much
larger responses.


> P.S.  For you or anyone else who'd like to recall the details of the
> open-resolver based DDoS attacks from early 2006, my colleagues
> prepared an excellent (and frightening) presentation on them:
> 
>   http://www.nanog.org/mtg-0606/scalzo.html

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   
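The thread above turns on the size of a reflected response relative to the query that triggered it, and on the EDNS0 buffer size a querier advertises. As an added illustration (not code from either author or from the draft), here is a small parser that pulls the advertised EDNS0 UDP payload size out of a DNS query on the wire and computes the resulting worst-case amplification ratio; the sample packet, the function names and the 4096-byte buffer are constructed here for the example.

```python
"""Read the EDNS0 OPT record from a DNS query to learn the UDP payload size the
querier advertises, and derive the worst-case reflection amplification if a
responder fills that buffer. Added example; packets are constructed, not captured."""
import struct

OPT_TYPE = 41  # RR type of the EDNS0 pseudo-record


def build_edns_query(qname: str, udp_size: int, qtype: int = 1) -> bytes:
    """Constructed sample input: a minimal query with one OPT RR in ADDITIONAL."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # QD=1, AR=1
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(x)]) + x.encode() for x in labels) + b"\x00"
    question = name + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=requestor's UDP size, TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return header + question + opt


def _skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past a wire-format name (handles compression)."""
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off


def edns_udp_size(pkt: bytes) -> int:
    """Advertised EDNS0 UDP payload size, or 512 (classic DNS) if no OPT RR."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass  # for OPT, the CLASS field carries the buffer size
        off += 10 + rdlen
    return 512


def amplification(query: bytes, response_len: int) -> float:
    """Bytes a responder would reflect per byte of query it received."""
    return response_len / len(query)
```

The ratio is independent of whether the responder is authoritative or recursive; only the response size and the querier's advertised buffer enter into it.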



_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop