Slashdot Mirror

← Back to Stories (view on slashdot.org)

DDoS Attacks Via DNS Recursion

Posted by ryuzaki0 on from the to-understand-recursion-you-must-understand-recursion dept.

JehCt writes "Associated Press is running a story about how the recursion feature of open DNS servers can be used to launch massive distributed denial of service (DDoS) attacks: 'First detected late last year, the new attacks direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope.' A thread at WebmasterWorld explains, 'To make a long story short, having a DNS server that allows recursion for the Internet is like running an open SMTP relay.'"

9 of 192 comments (clear)

  1. Recursion == recursion == recursion == ... by bcat24 · · Score: 3, Funny

    recursion: n.

        See recursion. See also tail recursion.

    From the Jargon File.

  2. MOD REPLY TO PARENT UP by quokkapox · · Score: 2, Funny
    Seriously, when one of these really impacts something or other, the people who are responsible will figure out what went wrong, fix it, and life will go on as usual. Maybe some of us will get away from the keyboards for a while, chat at the water cooler or something. Some of us will get a day off and others will get plenty of overtime.

    The real risk is perhaps The Final Virus.

    --
    it's a blue bright blue Saturday hey hey
  3. Re:I must resist by Anonymous Coward · · Score: 3, Funny

    To know recursion, you must first know recursion.

  4. There is a defense by Alwin+Henseler · · Score: 3, Funny
    FTA: "Silva said the attacks earlier this year used only about 6 percent of the more than 1 million name servers across the Internet to flood victim networks. Still, the attacks in some cases exceeded 8 gigabits per second, indicating a remarkably powerful electronic assault."

    /.ers will know that only the mighty foot of Chuck Norris is powerful enough to kick back such a massive DDoS attack. There is a problem though: since there is only 1 of him, Chuck can't defend more than one site at a time. And ofcourse his ourly rates are a bit steep, too.

    Vary your mileage may.
  5. Re:I must resist by Soporific · · Score: 2, Funny

    The first rule of recursion is to not talk about recursion...

    ~S

  6. Recursion considered harmful by Anonymous Coward · · Score: 4, Funny

    Should have used gotos! -1 for the functional language weenies!

  7. Re:djbdns by Russ+Nelson · · Score: 5, Funny

    You have a correct configuration. You gain 2 skill points.

    --
    Don't piss off The Angry Economist
  8. History repeats itself by Anonymous Coward · · Score: 1, Funny

    Back in 1983, IBM put Microsoft's "PC-DOS" on a "microcomputer." It was later named by Microsoft to MS-DOS, then simply DOS.

    Digital Research cloned it and improved it in the late 1980s (early '90s?), making a program called DR-DOS that pundits called "a better DOS than DOS."

    Flash forward to Yahoo News:

    "Experts call the attack technique a 'distributed reflector denial of service,'" says the site.

    So once again, DoS has been supplanted by DRDoS.

  9. Re:slashdot DNS is OPEN! by Slashcrap · · Score: 2, Funny

    I guess that shows the slashdot editors actually do read their site sometimes after all!

    Or maybe they read the actual article before posting it?

    Sorry, just my little joke.