[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jun 22 09:23:28 UTC 2011

On Wed, Jun 22, 2011 at 09:11:37AM +0000,
 Florian Weimer <fweimer at bfk.de> wrote 
 a message of 14 lines which said:

> Isn't the traffic reflected off so many addresses that local rate
> limiting is simply not very effective?

I do not understand. Assuming that the attack targets a specific IP
address (the victim), rate-limiting based on the (forged) source
*should* be effective.
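
The two positions in this exchange can be compared with a small simulation, added here as an illustration and not part of the original message: each server keeps its own per-source response limit, and the same forged-source query load is spread over 1, 100 or 500 servers. Assumptions: a fixed one-second window, a limit of 5 responses per source per second, round-robin spreading, and constructed documentation addresses and traffic.

```python
VICTIM = "192.0.2.1"      # forged source address = victim (constructed, RFC 5737)
CLIENT = "198.51.100.7"   # ordinary client (constructed)

class SourceRateLimiter:
    """Per-source response limit over a fixed one-second window (assumed policy)."""
    def __init__(self, limit_per_sec):
        self.limit = limit_per_sec
        self.window = {}  # source address -> (second, responses sent in it)

    def allow(self, src, second):
        sec, count = self.window.get(src, (second, 0))
        if sec != second:          # new window: reset the counter
            sec, count = second, 0
        allowed = count < self.limit
        if allowed:
            count += 1
        self.window[src] = (sec, count)
        return allowed

def simulate(servers, attack_qps, seconds, limit, client_qps=2):
    """Spread attack_qps forged queries round-robin over `servers` servers,
    each running its own limiter; one real client queries server 0.
    Returns how many responses went to the victim and to the client."""
    limiters = [SourceRateLimiter(limit) for _ in range(servers)]
    to_victim = to_client = 0
    for second in range(seconds):
        for q in range(attack_qps):
            if limiters[q % servers].allow(VICTIM, second):
                to_victim += 1
        for _ in range(client_qps):
            if limiters[0].allow(CLIENT, second):
                to_client += 1
    return {"to_victim": to_victim, "to_client": to_client}

if __name__ == "__main__":
    # Same total load, seen by one server or divided among many.
    for n in (1, 100, 500):
        print(n, simulate(servers=n, attack_qps=1000, seconds=10, limit=5))
```

With one server the limiter cuts 10000 responses to 50 while the ordinary client is untouched; with 500 servers each one sees only 2 queries per second from the victim's address, so no server's limit is reached.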

