26 June 2014 at 10:10am
Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.
Network time protocol (ntp) servers are regularly being used to reflect and amplify spoofed UDP packets towards the target of a DDoS attack. Attacks are growing in size and frequency and sometimes even cause issues for the organisations hosting the reflectors. Servers offering the 'monlist' command are particularly troublesome and can provide a huge amplification affect.
Subscribe to reflection