[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)
Roland Dobbins
rdobbins at arbor.net
Mon Sep 15 10:40:40 UTC 2014
On Sep 15, 2014, at 3:25 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> It may be interesting against amplification attacks (although it seems everyone moved to NTP amplification attacks, abandoning the DNS).
Actually, this isn't really what we're seeing - ntp and SSDP and SNMP and chargen and tftp reflection/amplification attacks are all taking place *alongside* DNS reflection/amplification attacks, rather than supplanting them. We sometimes see DNS reflection/amplification attacks mixed with ntp or SSDP in multi-vector reflection/amplification attacks, mainly in the gaming space.
Differing communities of 'interest', IMHO.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön
More information about the dns-operations
mailing list