[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
jtk at cymru.com
Fri Jun 24 17:26:33 UTC 2011
On Fri, 24 Jun 2011 07:19:27 -1000
David Conrad <drc at virtualized.org> wrote:
> In most cases I'm aware of (at least from my root server-ish days),
> the "attack" (which may not be intentional) is sourced from a single
> address. However, I will admit not having looked at anything shorter.
In my experience, that is only the attack profile I've seen too, but I
don't think we can count on miscreants to conform to past profiles.
There is one bit left in the header to be defined. Maybe DNS needs it's
own RFC 3514-like definition for the "evil query" bit? :-)
More information about the dns-operations