[dns-operations] DNS reflection useful without amplification?

Paul Vixie paul at redbarn.org
Thu Sep 8 04:47:36 UTC 2016

Damian Menscher wrote:
> On Wed, Sep 7, 2016 at 1:23 AM, Paul Vixie <paul at redbarn.org
> <mailto:paul at redbarn.org>> wrote:
>     <http://www.circleid.com/posts/20130913_on_the_time_value_of_security_features_in_dns/>)
> It's a fine claim, but is unrelated to the subject line of this thread,
> "DNS reflection useful without amplification?"  You're simply claiming
> amplification is useful for pps (as well as for bps), not that
> amplification is not needed.

i should turn in my keyboard and stop writing, maybe. how can i make 
clear that reflection is an adequate motive for an attacker, and that 
only attenuation, at both the packet level and the octet level, will 
discourage such attackers? where "discourage" means making them find 
other non-attenuating reflectors.

P Vixie

More information about the dns-operations mailing list