[Pdns-users] TCP amplification attack notes
Brian Candler
b.candler at pobox.com
Sun Aug 18 09:59:41 UTC 2019
On 18/08/2019 04:14, Mike wrote:
>    I wanted to point out that I observed the same thing occurring
> against my PowerDNS resolvers - I would get a low rate of TCP SYN's in
> to port 53, the resolver would attempt to SYN-ACK these several times
> without success, and then a new SYN would come in, starting the process
> over again, so there is a small gain in amplification here but not like
> ssdp or memcached for example.
Thank you, that's very useful information.
How low is "low rate" - that is, typically how many sockets are in
SYN_RECV state?
I am wondering if there would be any benefit trying to enable SYN
cookies with a low threshold (esp. on authoritative servers where you
can't block by source IP)
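
Added example, not part of the original message and not PowerDNS code: one way to put a number on "how many sockets are in SYN_RECV state" on a Linux host is to parse text in /proc/net/tcp layout and count port-53 entries in state 03, grouped by claimed source address. The function names, the constructed sample and the little-endian IPv4 decoding are assumptions of this example.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # state code for SYN_RECV in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (documentation addresses,
# not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A0200C0:0035 076433C6:C350 03 00000000:00000000 01:00000064 00000002     0        0 0 0
   2: 0A0200C0:0035 076433C6:C351 03 00000000:00000000 01:00000064 00000003     0        0 0 0
   3: 0A0200C0:0035 097100CB:9C40 03 00000000:00000000 01:00000064 00000001     0        0 0 0
   4: 0A0200C0:01BB 097100CB:9C41 03 00000000:00000000 01:00000064 00000001     0        0 0 0
   5: 0A0200C0:0035 076433C6:D431 01 00000000:00000000 00:00000000 00000000     0        0 1002 1
"""


def decode_ipv4(hex_addr):
    """Decode an address column (assumes a little-endian host)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def half_open(proc_net_tcp, port=53):
    """Return (Counter of remote IP -> SYN_RECV entries, sum of retrnsmt column)."""
    per_source = Counter()
    retransmits = 0
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 7:
            continue
        local, remote, state = fields[1], fields[2], int(fields[3], 16)
        if state != SYN_RECV or int(local.split(":")[1], 16) != port:
            continue
        per_source[decode_ipv4(remote.split(":")[0])] += 1
        retransmits += int(fields[6], 16)  # retrnsmt column
    return per_source, retransmits


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    sources, rtx = half_open(SAMPLE)
    print("SYN_RECV on port 53:", sum(sources.values()), "retrnsmt total:", rtx)
    for addr, count in sources.most_common():
        print(f"  {addr}: {count}")
```

Sampling this at intervals gives a baseline for choosing a SYN backlog or SYN cookie threshold; IPv6 sockets are listed separately in /proc/net/tcp6 and are not covered here.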