Last-minute paper: Open DNS resolvers are to DDoS what open SMTP relays are to spam

John Graham-Cumming CloudFlare

Over the past year, DNS amplification attacks have become a firm favourite of DDoS launchers around the world. Open DNS resolvers are used to launch huge DDoS attacks against websites and DNS servers.

This talk will cover the following:

  • Technical background on DNS attacks including the effect of DNSSEC. This will cover how DNS amplification attacks work, the tools used to launch them, and how to handle an amplification attack. This will also cover the problem of 'who's attacking who' seen in DNS attacks where the open resolver used to launch the attack often appears to be the victim, and the victim appears to be the villain.
  • The Open Resolver Project:, which is a database of open resolvers around the world and hopes to get them all closed down. Plus advice on how to run a resolver that supports DNS RRL (rate limiting).
  • Statistics on DNS attacks seen by CloudFlare including the 300Gbps attack seen against Spamhaus.

And I'll pose (and partially answer) the question "Why the *!&^#! haven't network providers implemented BCP38?"

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.