[unisog] [REN-ISAC] Alert: DNS Smurfing

Ryan Dorman Ryan.Dorman at millersville.edu
Mon Dec 13 14:48:26 GMT 2004

I have recently seen an increase in data on syn packets heading towards DNS
server.  Is this related to this smurf attack?

Ryan Dorman, CCNA
Network Communications Specialist
Millersville University
Ryan.Dorman at millersville.edu

PGP Public Key: http://cns.millersville.edu/rdorman_key.txt


From: Florian Weimer <fw at deneb.enyo.de>
Reply-To: UNIversity Security Operations Group <unisog at lists.sans.org>
Date: Sat, 11 Dec 2004 13:59:01 -0500
To: <unisog at lists.sans.org>
Subject: Re: [unisog] [REN-ISAC] Alert: DNS Smurfing

* Doug Pearson: 

> Over the past couple of days several DNS Smurf attacks have been 
> underway affecting research and education (R&E) and commercial 
> networks. A typical DNS Smurf attack[1] works as follows: Many DNS 
> queries of type = "any" are sent to multiple DNS servers. The 
> queries contain the source-spoofed address of the target. 

Do these attacks already exploit the superior amplification facilities 
EDNS0 provides? 
unisog mailing list 
unisog at lists.sans.org 

More information about the unisog mailing list