Given the difficulty of remediating home routers whose owners can't easily be identified, Nominum's pragmatic alternative is to configure ISP-level DNS servers to drop this kind of traffic before it even gets to that level. Without this approach, ISPs as well as targets would suffer the real consequences, he said.
The possibility that home routers could have been a hidden part of the DNS amplification DDoS phenomenon remains an intriguing story. If correct, the issue could be larger and harder to fix than experts have realised.
Amplification remains the new black for DDoS attackers, covering not only DNS but, more recently, a monster NTP attack on a customer of CloudFlare. For some reason, the attackers have it in for this relatively small but now quite famous firm or perhaps for its growing band of anxious customers.
Most home users will not find their routers behaving as DNS proxies, but anyone who wants to check can test their device.