[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Phil Regnauld
regnauld at nsrc.org
Wed Jun 22 14:20:49 UTC 2011
John Kristoff (jtk) writes:
>
> Rodney and I co-authored a little known paper entitled "Botnets and
> Packet Flooding DDoS Attcks on the Domain Name System" that outlined
> a few mitigation strategies that were in common use at the time of
> writing. The strategies discussed include the following:
Hi John,
Thanks for the pointer. For the Google-challenged:
http://layer9.com/~jtk/papers/dnsddos.pdf
Looks pretty interesting.
Cheers,
Phil
--
Phil Regnauld NSRC - Network Startup Resource Center
regnauld at nsrc.org http://nsrc.org/ | http://facebook.com/nsrc.org
PGP Fingerprint: BEDA 1F52 9F07 69A2 B1CF 3367 81BD D3C4 0E1F 9B79
More information about the dns-operations
mailing list