> -----Original Message-----
> From: Gadi Evron [mailto:ge@xxxxxxxxxxxx]
> Sent: Saturday, March 18, 2006 1:00 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: DNS Amplification Attacks
>
> In this paper we address in detail how the recent DNS DDoS
> attacks work.
> How they abuse name servers, EDNS, the recursive feature and
> UDP packet
> spoofing, as well as how the amplification effect works.
>
> Our study is based on packet captures (we provide with
> samples) and logs
> from attacks on different networks reported to have a volume
> of 2.8Gbps.
> One of these networks indicated some attacks have reached as high as
> 10Gbps and used as many as 140,000 exploited name servers.
>
> In the conclusions we also discuss some remediation suggestions.
>
> Given recent events, we have been encouraged to make this
> text available
> at this time.
>
> URL:
>
> Please note that this version of this paper is prior to
> submission for
> publication and that the final version may see significant revisions.
>
> Thanks,
>
> Randy Vaughn and Gadi Evron.
>
