[unisog] [REN-ISAC] Alert: DNS Smurfing

Ryan Dorman Ryan.Dorman at millersville.edu
Mon Dec 13 14:48:26 GMT 2004


I have recently seen an increase in data on syn packets heading towards DNS
server.  Is this related to this smurf attack?

Ryan Dorman, CCNA
Network Communications Specialist
Millersville University
717.871.5883
Ryan.Dorman at millersville.edu

PGP Public Key: http://cns.millersville.edu/rdorman_key.txt
<http://cns.millersville.edu/rdorman_key.txt> 



  _____  

From: Florian Weimer <fw at deneb.enyo.de>
Reply-To: UNIversity Security Operations Group <unisog at lists.sans.org>
Date: Sat, 11 Dec 2004 13:59:01 -0500
To: <unisog at lists.sans.org>
Subject: Re: [unisog] [REN-ISAC] Alert: DNS Smurfing

* Doug Pearson: 

> Over the past couple of days several DNS Smurf attacks have been 
> underway affecting research and education (R&E) and commercial 
> networks. A typical DNS Smurf attack[1] works as follows: Many DNS 
> queries of type = "any" are sent to multiple DNS servers. The 
> queries contain the source-spoofed address of the target. 

Do these attacks already exploit the superior amplification facilities 
EDNS0 provides? 
_______________________________________________ 
unisog mailing list 
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog
<http://www.dshield.org/mailman/listinfo/unisog>  





More information about the unisog mailing list