DNS is a favorite protocol for botmasters who use reflection attacks to pummel a victim’s network. The attackers usually benefit from poorly configured DNS servers: a small request of 60-80 bytes can elicit a response of 4000 bytes or more.

This talk introduces the tool DNS hammer, which can analyze a DNS server's value to an attacker. The presentation also covers methods to limit that value without impact on the production network.