[dns-operations] Force TCP for external quereis to Open Resolvers?
lutz at iks-jena.de
Sun Mar 31 21:11:23 UTC 2013
* Jim Reid wrote:
> In this case, DDoS attackers would get those truncated responses sent
> to their victims. OK, they lose the amplification factor but they still
> get to flood the victim(s) with unsolicited traffic.
That does already happen in the wild. I was part of such an "TC=1" attack
and got sued over the remaining(!) 2Mbps. That's why I went further and stop
query processing at all for this victim: DNS Dampening.
More information about the dns-operations