[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Wed Jun 22 08:33:14 UTC 2011
On Jun 22, 2011, at 4:14 AM, Stephane Bortzmeyer wrote:
> Yes, rate-limiting outside of the name server seems reasonable
QoS is one of the worst things you can do during a DDoS attack (as a target or a reflection enabler) - programmatically-generated attack traffic will simply 'crowd out' the legitimate traffic.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the dns-operations
mailing list