[dns-operations] First experiments with DNS dampening to fight amplification attacks
Mark Andrews
marka at isc.org
Fri Sep 28 14:48:38 UTC 2012
In message <alpine.LSU.2.00.1209281541070.1469 at hermes-1.csi.cam.ac.uk>, Tony Finch writes:
> Mark Andrews <marka at isc.org> wrote:
> >
> > Server cookies are the way to go though I would add timestamps so
> > that server secrets don't need to be changed. The time stamp would
> > have to be within X seconds of the servers current concept of time
> > or it will be treated as a bad cookie. The time would be concatenated
> > to the rest of the data to be hashed.
>
> Are you referring to this?
> http://tools.ietf.org/html/draft-eastlake-dnsext-cookies
Yes. It's a reasonable way to identify non-spoofed traffic which
means you can apply filtering techiques to the rest of the traffic
which will be a mix of spoofed and non-spoofed.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list