[175968] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Reporting DDOS reflection attacks

daemon@ATHENA.MIT.EDU (Larry Sheldon)
Mon Nov 10 00:14:36 2014

X-Original-To: nanog@nanog.org
Date: Sun, 09 Nov 2014 19:23:32 -0600
From: Larry Sheldon <larrysheldon@cox.net>
To: nanog@nanog.org
In-Reply-To: <DXhP1p00b1cZc5601XhRGp>
Errors-To: nanog-bounces@nanog.org

On 11/9/2014 13:40, Doug Barton wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>
>>      iii.    Consider dropping any DNS reply packets which are larger
>> than 512 Bytes – these are commonly found in DNS DoS Amplification
>> attacks.
>>
>> This *breaks the Internet*.  Don't do it.
>
> +1
>
The whole thing>  Really?

-- 
The unique Characteristics of System Administrators:

The fact that they are infallible; and,

The fact that they learn from their mistakes.


Quis custodiet ipsos custodes


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[175968] in North American Network Operators' Group

Re: Reporting DDOS reflection attacks

daemon@ATHENA.MIT.EDU (Larry Sheldon)Mon Nov 10 00:14:36 2014

daemon@ATHENA.MIT.EDU (Larry Sheldon)
Mon Nov 10 00:14:36 2014