[dns-operations] First experiments with DNS dampening to fight amplification attacks
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Nov 5 13:09:49 UTC 2012
On 31.10.2012 02:52, Dobbins, Roland wrote:
>
> On Oct 31, 2012, at 4:37 AM, Florian Weimer wrote:
>
>> Reflection attacks do not use totally random source addresses, so the typically state exhaustion vector does not necessarily apply.
>
> There are many more types of attacks other than reflection/amplification attacks, though, and it's those to which I was referring - sorry for being unclear.
Agreed. That's why I mentioned that our iptables based rate limiting
only mitigates the current ANY amplification attacks, not all kind of
attacks.
regards
Klaus
More information about the dns-operations
mailing list