[dns-operations] First experiments with DNS dampening to fight amplification attacks

Klaus Darilion klaus.mailinglists at pernau.at
Mon Nov 5 13:09:49 UTC 2012

On 31.10.2012 02:52, Dobbins, Roland wrote:
> On Oct 31, 2012, at 4:37 AM, Florian Weimer wrote:
>> Reflection attacks do not use totally random source addresses, so the typically state exhaustion vector does not necessarily apply.
> There are many more types of attacks other than reflection/amplification attacks, though, and it's those to which I was referring - sorry for being unclear.

Agreed. That's why I mentioned that our iptables based rate limiting 
only mitigates the current ANY amplification attacks, not all kind of 


More information about the dns-operations mailing list