On Sun, 31 Mar 2013, Jim Reid wrote:
> Remember too that in these DDoS attacks truncated UDP responses would
> still be going to spoofed addresses. So those victims still get hit,
> albeit without the amplification factor of a chubby DNS response.

Yes. But there's no reason for them to abuse the DNS (no reason not to,
either) as they can send packets with spoofed source addresses directly at
the target. They're doing it anyway to direct them at the intermediate DNS
resource: but they could just cut the middleman out altogether and spoof a
fat DNS response from your nameserver, couldn't they? Or anything else.
Point is, since they spoof source addresses, they can spoof source
addresses; it's not even a tautology, it's identity.

They're doing it for the amplification.

--

Fred Morris

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs