2 June 2006
San Jose, CA
US/Pacific timezone

Anatomy of Recent DNS Reflector Attacks From the Victim and Reflector Points of View

Not scheduled
20m
San Jose, CA

San Jose, CA

Speaker

Mr Matt Larson

Description

In the last several months there have been a number of significant DDoS attacks using open recursive DNS servers to reflect and amplify the attack. In the last several weeks these attacks have begun to be picked up by the media. This presentation looks at the anatomy of these attacks from the victim point of view, as well as from the reflector point of view. The presentation looks at a specific attack, breaks down the traffic, what filtering does and doesn't work, as well as the challenges of each. The presentation also looks at data collected from a participating reflector, and extrapolates out the data to estimate the size and number of attacks that have been seen. Also extrapolated out in the presentation is the potential size of the attack if 500,000 open DNS servers were to be used.

Presentation materials