[dns-operations] How many kinds of DNS DoS attacks are we trying to stop ?

Lutz Donnerhacke lutz at iks-jena.de
Thu Sep 27 22:08:44 UTC 2012

* Stephane Bortzmeyer wrote:
> For instance, I'm a big fan of rate-limiting ANY requests because it
> works fine *today* in *some* attacks but I would never say it is *the*
> solution to DNS-based DoS attacks. It is just a tool among others.

I collected a few statistics. It's far from complete nor perfectly designed,
but it covered my ass. Right now. This week.

One observation I'm not sure about is: Attacker query rate seems to drop by
half about two to tree weeks after rate limiting or three days after
dampening. To verify the alternatives, I had to relist my server on the
scriptkiddies pastbin. But I does not know the URL nor I'm willing to do so.

More information about the dns-operations mailing list