[175961] in North American Network Operators' Group
Re: Reporting DDOS reflection attacks
daemon@ATHENA.MIT.EDU (manning bill)
Sun Nov  9 14:53:29 2014
X-Original-To: nanog@nanog.org
From: manning bill <bmanning@isi.edu>
In-Reply-To: <545FC32A.9020200@dougbarton.us>
Date: Sun, 9 Nov 2014 11:52:58 -0800
To: Doug Barton <dougb@dougbarton.us>
X-MailScanner-From: bmanning@isi.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 9 November 2014 (Sunday), at 11:40, Doug Barton <dougb@dougbarton.us> wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>
>>     iii.    Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>>
>> This *breaks the Internet*.  Don't do it.
>
> +1
actually, if you think this will help you, by all means drop any DNS packets which are gt. 512 bytes, not UDP, and not IPv4.
/bill
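To make the objection in this thread concrete, here is an added illustration that is not part of the NANOG exchange: a small pure-Python DNS wire-format builder and parser that applies the criticised "drop any reply over 512 bytes" rule to two constructed replies, an ordinary A-record answer and a DNSSEC DNSKEY answer carrying an EDNS0 OPT record (RFC 6891). The packets, the 256-byte placeholder signature, the key sizes and the 4096-byte advertised payload size are all constructed for the example; nothing here is captured traffic. The point it demonstrates is that large replies are the normal result of EDNS0 and DNSSEC, so packet size alone is not an amplification indicator.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG, TYPE_DNSKEY = 1, 41, 46, 48


def encode_name(name):
    """Encode a dotted name in DNS wire format without compression; '.' is the root."""
    labels = [lbl for lbl in name.rstrip('.').split('.') if lbl]
    return b''.join(bytes([len(lbl)]) + lbl.encode('ascii') for lbl in labels) + b'\x00'


def rr(name, rtype, rclass, ttl, rdata):
    """Serialise one resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    return encode_name(name) + struct.pack('!HHIH', rtype, rclass, ttl, len(rdata)) + rdata


def opt_rr(udp_payload_size, dnssec_ok=True):
    """EDNS0 OPT pseudo-RR (RFC 6891): the CLASS field carries the sender's UDP
    payload size and the TTL field carries extended RCODE/version/flags (DO = 0x8000)."""
    flags = 0x8000 if dnssec_ok else 0
    return rr('.', TYPE_OPT, udp_payload_size, flags, b'')


def build_response(qname, qtype, answers, additional):
    """Standard response header (QR=1, RD=1, RA=1), one question, answers, additional."""
    header = struct.pack('!HHHHHH', 0x1234, 0x8180, 1, len(answers), 0, len(additional))
    question = encode_name(qname) + struct.pack('!HH', qtype, 1)
    return header + question + b''.join(answers) + b''.join(additional)


def skip_name(pkt, off):
    """Return the offset just past the name at pkt[off], honouring compression pointers."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer ends the name
            return off + 2
        off += 1 + length


def parse_records(pkt):
    """Yield (section, type, class, ttl, rdlength) for each RR in the message."""
    _, _, qd, an, ns, ar = struct.unpack('!HHHHHH', pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    for section, count in (('AN', an), ('NS', ns), ('AR', ar)):
        for _ in range(count):
            off = skip_name(pkt, off)
            rtype, rclass, ttl, rdlen = struct.unpack('!HHIH', pkt[off:off + 10])
            off += 10 + rdlen
            yield section, rtype, rclass, ttl, rdlen


def edns_udp_size(pkt):
    """Advertised EDNS0 UDP payload size, or None when the reply has no OPT record."""
    for section, rtype, rclass, _, _ in parse_records(pkt):
        if section == 'AR' and rtype == TYPE_OPT:
            return rclass
    return None


def naive_rule_drops(pkt):
    """The rule criticised in the thread: drop any DNS reply larger than 512 bytes."""
    return len(pkt) > 512


# Constructed sample replies (not captured packets).
PLAIN_A_REPLY = build_response('example.com.', TYPE_A,
                               [rr('example.com.', TYPE_A, 1, 300, bytes([192, 0, 2, 1]))], [])

SIG = bytes(256)  # placeholder standing in for a 2048-bit RSA signature
rrsig_rdata = (struct.pack('!HBBIIIH', TYPE_DNSKEY, 8, 2, 3600, 0x5FFF0000, 0x5FF00000, 12345)
               + encode_name('example.com.') + SIG)
DNSKEY_REPLY = build_response('example.com.', TYPE_DNSKEY, [
    rr('example.com.', TYPE_DNSKEY, 1, 3600, struct.pack('!HBB', 257, 3, 8) + bytes(257)),  # KSK
    rr('example.com.', TYPE_DNSKEY, 1, 3600, struct.pack('!HBB', 256, 3, 8) + bytes(129)),  # ZSK
    rr('example.com.', TYPE_RRSIG, 1, 3600, rrsig_rdata),
], [opt_rr(4096)])

if __name__ == '__main__':
    for label, pkt in (('plain A reply', PLAIN_A_REPLY), ('DNSSEC DNSKEY reply', DNSKEY_REPLY)):
        print(f'{label}: {len(pkt)} bytes, EDNS0 size {edns_udp_size(pkt)}, '
              f'naive >512 rule drops it: {naive_rule_drops(pkt)}')
```

Run stand-alone, the script shows the A reply (56 bytes) passing and the perfectly legitimate signed DNSKEY reply (790 bytes, advertising a 4096-byte EDNS0 payload) being discarded by the size rule; a validating resolver behind such a filter would fail to fetch the zone's keys. Any defensive rule needs to key on something other than reply size, such as per-source query and response rates.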