Speaker
Mr
Matt Larson
Description
In the last several months there have been a number of
significant DDoS attacks using open recursive DNS servers to
reflect and amplify the attack. In the last several weeks these
attacks have begun to be picked up by the media. This
presentation looks at the anatomy of these attacks from the
victim point of view, as well as from the reflector point of
view. The presentation looks at a specific attack, breaks down
the traffic, what filtering does and doesn't work, as well as the
challenges of each. The presentation also looks at data collected
from a participating reflector, and extrapolates out the data to
estimate the size and number of attacks that have been seen. Also
extrapolated out in the presentation is the potential size of the
attack if 500,000 open DNS servers were to be used.