[dns-operations] First experiments with DNS dampening to fight amplification attacks
Tony Finch
dot at dotat.at
Fri Sep 28 14:41:35 UTC 2012
Mark Andrews <marka at isc.org> wrote:
>
> Server cookies are the way to go though I would add timestamps so
> that server secrets don't need to be changed. The time stamp would
> have to be within X seconds of the servers current concept of time
> or it will be treated as a bad cookie. The time would be concatenated
> to the rest of the data to be hashed.
Are you referring to this?
http://tools.ietf.org/html/draft-eastlake-dnsext-cookies
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the dns-operations
mailing list