[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Phil Regnauld regnauld at nsrc.org
Wed Jun 22 14:20:49 UTC 2011


John Kristoff (jtk) writes:
> 
> Rodney and I co-authored a little known paper entitled "Botnets and
> Packet Flooding DDoS Attcks on the Domain Name System" that outlined
> a few mitigation strategies that were in common use at the time of
> writing.  The strategies discussed include the following:

	Hi John,

	Thanks for the pointer.  For the Google-challenged:

	http://layer9.com/~jtk/papers/dnsddos.pdf

	Looks pretty interesting.

	Cheers,
	Phil

--
Phil Regnauld      NSRC - Network Startup Resource Center
regnauld at nsrc.org  http://nsrc.org/ | http://facebook.com/nsrc.org
PGP Fingerprint:   BEDA 1F52 9F07 69A2 B1CF  3367 81BD D3C4 0E1F 9B79



More information about the dns-operations mailing list