[dns-operations] Configurable TC=1?
paul at redbarn.org
Fri Dec 25 02:09:24 UTC 2015
On Thursday, December 24, 2015 12:22:41 PM Ralf Weber wrote:
> My goal is to help people to mitigate attacks. For that I use all of the
> available tools.

every time we use an incrementally just-good-enough tool to stop attackers, we educate
them without demotivating them. please stop. the systemic defects in the internet that make
it insecure include the approach you are describing.

> There are scenarios where RRL just won't work as others have pointed

no. actually, what's been described are various bypasses that work around RRL, all of which
are far more expensive (in retooling costs) to attackers than shifting to a completely different
protocol (SSDP, ICMP, NTP, or TCP-SYN).