[80637] in North American Network Operators' Group
Re: anycast and ddos
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri May 6 21:43:36 2005
Date: Sat, 07 May 2005 01:43:11 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <e05f3929050506174897433cc@mail.gmail.com>
To: Kim Onnel <karim.adel@gmail.com>
Cc: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>, randy@psg.com,
nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Sat, 7 May 2005, Kim Onnel wrote:
> 2) Getting Riverhead, which is a shame if they had it and it didnt save the day.
riverhead has its warts, one of the larger ones is in some assumptions
made about DNS client behaviour :( from first-hand experience you have to
be very cautious when sticking one in front of a dns server(s), I imagine
the mix gets really fun when that server(s) are really boxes with
massively large lists of auth domains...
Either way, without first-hand info from the attackee it's going to be
tough to sort out what was and wasn't the problem... I do think that
someone is going to chat about tcp/53 filtering and possibly other things
DNS and ATTACK at the NSP-SEC BoF at nanog 34.
-Chris
