[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mitigating DNS amplification attacks

Subject: Mitigating DNS amplification attacks
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Tue, 30 Apr 2013 23:57:38 +0000
In-reply-to: <CDA5CF54.10D9A%[email protected]>
References: <CDA5CF54.10D9A%[email protected]>

On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote:

>  We've been sending emails to our clients but as the servers are not managed by us, there's not much we can do at that level.

Sure, there is - shut them down if they don't comply.  Most ISPs have AUP verbiage which would apply to a situation of this type.

> Has anyone ever tried mitigating/rate-limiting/etc these attacks in the network before? (vs at the server/application level)

QoS doesn't work, as the programmatically-generated attack traffic 'crowds out' legitimate requests.

> We have an Arbor peakflow device, but it's not really geared for this scenario I find.

Peakflow SP is a NetFlow-based anomaly-detection system which performs attack detection/classification/traceback.  Please feel free to ping me offlist about additional system elements which perform attack mitigation.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

References:
- Mitigating DNS amplification attacks
  - From: tstpierre at iweb.com (Thomas St-Pierre)

Prev by Date: Mitigating DNS amplification attacks
Next by Date: [no subject]
Previous by thread: Mitigating DNS amplification attacks
Next by thread: [no subject]
Index(es):
- Date
- Thread