[dns-operations] EDNS0
bmanning at vacation.karoshi.com
Thu Mar 2 01:44:23 UTC 2006
On Wed, Mar 01, 2006 at 07:39:49PM -0600, Rob Thomas wrote:
> Hey, Bill.
>
> ] if i have a traffic problem, i tend to look to
> ] rate limiting techniques - not shutting down
> ] services. e.g. add -lots- more open recursive
> ] dns servers and each of them being rate limited
> ] to ~10% of first link b/w.
>
> The problem with rate limiting is that it doesn't have a
> discriminating palette; it will block or limit the good with
> the bad. :)
which is why we need more of them... lots more.
>
> Rate limiting also doesn't help if the amplifiers are limited
> to circa 10% of their bandwidth, yet that is 100% more
> bandwidth than the target has available. The miscreants
> still launch attacks from dial ups. As one miscreant noted,
> 10K of just about anything sending pings can still hurt.
rate limits work for in&out...
> DDoS is simply a question of resource exhaustion. Bandwidth
> is a resource that can be exhausted. Interrupt saturation,
> socket queues, et al.
sure...
>
> Thanks,
> Rob.
> --
> Rob Thomas
> Team Cymru
> http://www.cymru.com/
> ASSERT(coffee != empty);