[dns-operations] DNS reflection useful without amplification?
Paul Vixie
paul at redbarn.org
Thu Sep 8 04:47:36 UTC 2016
Damian Menscher wrote:
> On Wed, Sep 7, 2016 at 1:23 AM, Paul Vixie <paul at redbarn.org
> <mailto:paul at redbarn.org>> wrote:
>
> <http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/>)
>
> It's a fine claim, but is unrelated to the subject line of this thread,
> "DNS reflection useful without amplification?" You're simply claiming
> amplification is useful for pps (as well as for bps), not that
> amplification is not needed.
i should turn in my keyboard and stop writing, maybe. how can i make
clear that reflection is an adequate motive for an attacker, and that
only attenuation, at both the packet level and the octet level, will
discourage such attackers? where "discourage" means making them find
other non-attenuating reflectors.
--
P Vixie
More information about the dns-operations
mailing list