[dns-operations] First experiments with DNS dampening to fight amplification attacks

Mark Andrews marka at isc.org
Fri Sep 28 14:48:38 UTC 2012


In message <alpine.LSU.2.00.1209281541070.1469 at hermes-1.csi.cam.ac.uk>, Tony Finch writes:
> Mark Andrews <marka at isc.org> wrote:
> >
> > Server cookies are the way to go though I would add timestamps so
> > that server secrets don't need to be changed.  The time stamp would
> > have to be within X seconds of the servers current concept of time
> > or it will be treated as a bad cookie.  The time would be concatenated
> > to the rest of the data to be hashed.
> 
> Are you referring to this?
> http://tools.ietf.org/html/draft-eastlake-dnsext-cookies

Yes.  It's a reasonable way to identify non-spoofed traffic which
means you can apply filtering techniques to the rest of the traffic
which will be a mix of spoofed and non-spoofed.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
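As an added illustration of the timestamped server cookie described in the quoted message (example code written for this archive page, not ISC's code or the draft's exact wire format; the 12-byte layout, the 8-byte HMAC tag and the 300-second window are assumptions), a minimal issue-and-verify routine that shows why the server secret can stay fixed:

```python
import hashlib
import hmac
import struct

# Assumed layout: cookie = 32-bit timestamp || first 8 bytes of
# HMAC-SHA256(server_secret, client_cookie || client_ip || timestamp).
# The timestamp is hashed together with the rest of the data, so a cookie
# outside the time window is rejected without ever rotating the secret.
MAX_SKEW_SECONDS = 300  # the "X seconds" window; an assumed value

def _signed_delta32(a: int, b: int) -> int:
    """Signed difference of two 32-bit timestamps, tolerant of wraparound."""
    return ((a - b + 2**31) % 2**32) - 2**31

def make_server_cookie(secret: bytes, client_cookie: bytes, client_ip: str, now: int) -> bytes:
    ts = struct.pack("!I", now & 0xFFFFFFFF)
    tag = hmac.new(secret, client_cookie + client_ip.encode() + ts, hashlib.sha256).digest()[:8]
    return ts + tag

def verify_server_cookie(secret: bytes, client_cookie: bytes, client_ip: str,
                         cookie: bytes, now: int, max_skew: int = MAX_SKEW_SECONDS) -> bool:
    if len(cookie) != 12:
        return False
    (ts,) = struct.unpack("!I", cookie[:4])
    # Stale or future-dated cookie: treat it as a bad cookie.
    if abs(_signed_delta32(now & 0xFFFFFFFF, ts)) > max_skew:
        return False
    # Recompute over the timestamp carried in the cookie, then compare in constant time.
    expected = make_server_cookie(secret, client_cookie, client_ip, ts)
    return hmac.compare_digest(expected, cookie)

def classify_query(secret: bytes, client_cookie: bytes, client_ip: str, cookie: bytes, now: int) -> str:
    """A valid server cookie marks the source as non-spoofed; everything else
    falls into the pool that rate limiting / dampening is applied to."""
    return "verified" if verify_server_cookie(secret, client_cookie, client_ip, cookie, now) else "unverified"

if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up secret).
    secret, cc, ip, t0 = b"constructed-server-secret", bytes(range(8)), "192.0.2.10", 1_000_000
    c = make_server_cookie(secret, cc, ip, t0)
    print(classify_query(secret, cc, ip, c, t0 + 60))    # verified
    print(classify_query(secret, cc, ip, c, t0 + 3600))  # unverified (stale)
```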