Abstract: Anatomy of Recent DNS Reflector Attacks From the Victim and Reflector Points of View

Frank Scalzo, Verisign

In the last several months there have been a number of significant DDoS attacks using open recursive DNS servers to reflect and amplify the attack. In the last several weeks these attacks have begun to be picked up by the media. This presentation looks at the anatomy of these attacks from the victim point of view, as well as from the reflector point of view. The presentation looks at a specific attack, breaks down the traffic, what filtering does and doesn't work, as well as the challenges of each. The presentation also looks at data collected from a participating reflector, and extrapolates out the data to estimate the size and number of attacks that have been seen. Also extrapolated out in the presentation is the potential size of the attack if 500,000 open DNS servers were to be used.

Link to presentation

Anatomy of recent DNS reflector attacks from the victim and reflector point of view - Real VideoReal Video Presentation