[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Dobbins, Roland rdobbins at arbor.net
Mon Jun 27 04:33:20 UTC 2011

On Jun 25, 2011, at 12:26 AM, John Kristoff wrote:

> In my experience, that is only the attack profile I've seen too, but I don't think we can count on miscreants to conform to past profiles.

This is generally true of queries intended to elicit a DNS reflection/amplification attack, sure - it's generally a specific /32 that's being targeted by a given attack (not always, but generally speaking).

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

More information about the dns-operations mailing list