论文信息 - Preventing Use of Recursive Nameservers in Reflector Attacks - 字舞流文

Preventing Use of Recursive Nameservers in Reflector Attacks

This document describes ways to prevent the use of default configured recursive nameservers as reflectors in Denial of Service (DoS) attacks. Recommended configuration as measures to mitigate the attack are given.

João Damas | Frederico A. C. Neves | J. Damas | Frederico A. C. Neves

[1] Scott O. Bradner,et al. Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[2] Brian Wellington,et al. Secret Key Transaction Authentication for DNS (TSIG) , 2000, RFC.

[3] Donald E. Eastlake,et al. DNS Request and Transaction Signatures ( SIG(0)s ) , 2000, RFC.

[4] Fred Baker,et al. Ingress Filtering for Multihomed Networks , 2004, RFC.

[5] Scott Rose,et al. DNS Security Introduction and Requirements , 2005, RFC.

[6] Paul V. Mockapetris,et al. Domain names: Concepts and facilities , 1983, RFC.

[7] Paul Vixie,et al. Extension Mechanisms for DNS (EDNS0) , 1999, RFC.

[8] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.