[dns-operations] First experiments with DNS dampening to fight amplification attacks
Dobbins, Roland
rdobbins at arbor.net
Mon Oct 29 17:59:44 UTC 2012
On Oct 29, 2012, at 8:26 PM, Klaus Darilion wrote:
> So, the result may not be perfect, but it is better than no rules at all.
I'm not sure that this is a true statement.
If the rate-limiting is based upon source IPs, then there's potentially a lot of state there. If the rate-limiting is based upon the destination IP, then it guarantees that programmatically-generated attack traffic will 'crowd out' legitimate requests.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
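
The trade-off described in the message above, as an added example that is not part of the original post: a fixed one-second-window limiter run over constructed traffic, keyed first by source IP and then by destination IP. The addresses, limits, traffic mix and the assumption that every attack query carries a different source address are all constructed for illustration.

```python
import ipaddress
import random

SERVER = "192.0.2.53"  # constructed: address of the name server


def build_traffic(n_attack=10_000, n_clients=20, per_client=5, seed=1):
    """One second of constructed queries as (src, dst, is_attack) tuples."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    # Assumption: each programmatically generated query uses a new source address.
    pkts = [(str(ipaddress.IPv4Address(base + i)), SERVER, True)
            for i in range(n_attack)]
    # Legitimate clients: a small, stable set of resolvers.
    for c in range(n_clients):
        pkts += [(f"198.51.100.{c + 1}", SERVER, False)] * per_client
    random.Random(seed).shuffle(pkts)  # interleave arrival order deterministically
    return pkts


def simulate(key, limit, pkts):
    """Per-key limiter over a single one-second window.

    key is 'src' or 'dst'; limit is the number of packets allowed per key.
    Returns the number of counters held and the packets passed per class.
    """
    idx = 0 if key == "src" else 1
    counters = {}  # the state the limiter has to keep
    passed = {"legit": 0, "attack": 0}
    for pkt in pkts:
        k = pkt[idx]
        counters[k] = counters.get(k, 0) + 1
        if counters[k] <= limit:
            passed["attack" if pkt[2] else "legit"] += 1
    return {"state_entries": len(counters), **passed}


if __name__ == "__main__":
    traffic = build_traffic()
    # Keyed by source: one counter per address seen, so state grows with the
    # number of distinct sources, and none of them ever reaches the limit.
    print("keyed by source:     ", simulate("src", 10, traffic))
    # Keyed by destination: a single counter, but the shared budget is spent
    # mostly on attack queries and few legitimate queries get through.
    print("keyed by destination:", simulate("dst", 1000, traffic))
```
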