[u-u] DNS Reflection Amplification Attack Mitigation
klodefactor at gmail.com
Wed Dec 10 10:28:56 EST 2014
Just thinking out loud here...
You were dropping their packets on the floor? Any chance you were replying with an ICMP unreachable message? I just don't want to ignore an obvious case.
If only dropping, the attacker could implement a rudimentary heartbeat by changing the target IP now and then, to a system of their own.
It's a bit cumbersome, and it risks early exposure of part of their C&C systems and communication; the heartbeat receiver ("stethoscope"?) would be easy to find. But this heartbeat has the advantage of being able to change the detector easily: just change the target IP for the heartbeat.
As for risks to C&C, I imagine a botnet would be handy :-).
Assuming it's not just a coincidence...
Claude
-----Original Message-----
From: "Hugh Gamble" <hugh at phaedrav.com>
Sender: u-u-bounces at unixunanimous.org
Date: Tue, 9 Dec 2014 14:54:43
To: <u-u at unixunanimous.org>
Subject: [u-u] DNS Reflection Amplification Attack Mitigation