[dns-operations] Force TCP for external quereis to Open Resolvers?

Lutz Donnerhacke lutz at iks-jena.de
Sun Mar 31 21:11:23 UTC 2013

* Jim Reid wrote:
> In this case, DDoS attackers would get those truncated responses sent
> to their victims. OK, they lose the amplification factor but they still
> get to flood the victim(s) with unsolicited traffic.

That does already happen in the wild. I was part of such an "TC=1" attack
and got sued over the remaining(!) 2Mbps. That's why I went further and stop
query processing at all for this victim: DNS Dampening.

More information about the dns-operations mailing list