[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
bortzmeyer at nic.fr
Wed Jun 22 09:23:28 UTC 2011
On Wed, Jun 22, 2011 at 09:11:37AM +0000,
Florian Weimer <fweimer at bfk.de> wrote
a message of 14 lines which said:
> Isn't the traffic reflected off so many addresses that local rate
> limiting is simply not very effective?
I do not understand. Assuming that the attack targets a specific IP
address (the victim), rate-limiting based on the (forged) source
*should* be effective.
More information about the dns-operations