[175960] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Reporting DDOS reflection attacks

daemon@ATHENA.MIT.EDU (Doug Barton)
Sun Nov 9 14:40:42 2014

X-Original-To: nanog@nanog.org
Date: Sun, 09 Nov 2014 11:40:26 -0800
From: Doug Barton <dougb@dougbarton.us>
To: nanog@nanog.org
In-Reply-To: <EEF3C40F-003A-407D-81B9-F132FFFAD3B8@arbor.net>
Errors-To: nanog-bounces@nanog.org

On 11/8/14 6:33 PM, Roland Dobbins wrote:
> this is incorrect and harmful, and should be removed:
>
>      iii.    Consider dropping any DNS reply packets which are larger
> than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>
> This *breaks the Internet*.  Don't do it.

+1


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[175960] in North American Network Operators' Group

Re: Reporting DDOS reflection attacks

daemon@ATHENA.MIT.EDU (Doug Barton)Sun Nov 9 14:40:42 2014

daemon@ATHENA.MIT.EDU (Doug Barton)
Sun Nov 9 14:40:42 2014