[54433] in North American Network Operators' Group

Re: DDos syn attack

daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Dec 30 11:10:22 2002

From: Randy Bush <randy@psg.com>
To: "Christopher L. Morrow" <chris@uu.net>
Cc: <nanog@merit.edu>
Date: Mon, 30 Dec 2002 08:09:17 -0800
Errors-To: owner-nanog-outgoing@merit.edu


> This is also a very viable solution, provided the customer has
> provisioned for this with lower ttls on their DNS records, which
> A LOT of people (thankfully) don't do

actually, a bunch of research now shows that low ttls on A RRs
(that are not the A RRs of NS RRs) have little effect.

in the case a dns lookup is being done in a ddos, of course one
would prefer if the attacking zombies cached the lookup <grin>.

randy

