[Dshield] DRDoS - old attack, new story

Jean-Philippe Luiggi jp.luiggi at free.fr
Fri Mar 17 14:53:56 GMT 2006


Hello,

Mid-december 2005, the CERT showed a document :

http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

which explained the threat posed by DNS recursion.

If you want to check out your server :

% dig @a.b.c.d SOA com.
  ...
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0 , ADDITIONAL: 0
  ...
====

Just check the "ra" flag which means *recursion available*.

Best regards.

On Thu, Mar 16, 2006 at 12:52:00PM -0500, dshield.org at keithbergen.com wrote:
> New story on FoxNews.com about an old (2002) attack on DNS servers. It
> claims that the attack will be resurfacing. I think they do a pretty decent
> job of explaining it.
> 
> http://www.foxnews.com/story/0,2933,188102,00.html
> 
> Is there a way that one can check to see that their DNS server is configured
> correctly?
> 
> Keith.
> 
> 
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


More information about the list mailing list