• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

DDoS & DNSSEC

John Connor

John Connor

Lifer
http://www.infoworld.com/article/31...d-dnssec-servers-at-root-of-ddos-attacks.html

"DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack," said Neustar's Joe Loveless. "If DNSSEC is not properly secured, it can be exploited, weaponized, and ultimately used to create massive DDoS attacks

In a study of more than 1,300 DNSSEC-protected domains, 80 percent could be used in such an attack, Neustar found.

The attacks rely on the fact that the size of the ANY response from a DNSSEC-signed domain is significantly larger than the ANY response from a non-DNSSEC domain because of the accompanying digital signature and key exchange information. The ANY request is larger than a normal server request because it asks the server to provide all information about a domain, including the mail server MX records and IP addresses.
Click to expand...
 
IDK the author is pretty pessimistic about DNSSEC and seems to think it's hard to deploy. It only took me a minute or two to add DNSSEC with CloudFlare and my DNS provider Namesilo.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top