nanog mailing list archives
Re: Verisign broke GTLDs again?
From: Michael Tokarev <mjt () tls msk ru>
Date: Mon, 16 May 2005 18:38:28 +0400
Florian Weimer wrote:
> * Michael Tokarev:
>
>> Well ok, I know it's kinda expected -- "i don't understand what you're asking for, can't even repeat your question". But the next question is -- *why*?
>
> EDNS0 can be easily abused for traffic amplification purposes. 8-(
Root and TLD nameservers rarely have answers to queries large enough to exceed 512 bytes. (And for those rare cases, if they exist, a TCP connection should be established to get a reply -- this does not work quite well for forged UDP traffic, but it's still more legitimate traffic than larger UDP replies).

But this does not really matter. I repeat: One doesn't have to "support" EDNS0, just don't report it as an error, like broken routers do with ECN. And in this "mode of operations" there are no MORE ways to abuse it for the said purpose than currently exist.

/mjt
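The mode of operation described in the message above, as an added example that is not part of the original post or of any nameserver's code: the server finds the EDNS0 OPT record in a query, does not answer it with an error, and still caps UDP replies at 512 bytes with the TC bit set so that larger answers move to TCP. All function names and the sample queries are constructed for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512   # pre-EDNS0 limit on a DNS message carried over UDP
TYPE_OPT = 41             # EDNS0 OPT pseudo-RR type (RFC 2671)

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def edns_udp_size(query):
    """Return the UDP payload size advertised in an OPT RR, or None if absent."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", query[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass                          # OPT reuses CLASS for the size
        off += 10 + rdlen
    return None

def udp_reply_plan(query, answer_len):
    """Tolerate OPT (no error rcode) but never exceed 512 bytes over UDP."""
    advertised = edns_udp_size(query)              # parsed, then deliberately ignored
    return {"rcode": 0,                            # NOERROR, not FORMERR
            "advertised": advertised,
            "max_udp_bytes": min(answer_len, CLASSIC_UDP_LIMIT),
            "tc": answer_len > CLASSIC_UDP_LIMIT}  # TC=1 tells the client to retry on TCP

def build_query(name, with_opt, size=4096):
    """Constructed sample A/IN query, optionally carrying an OPT record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1 if with_opt else 0)
    msg += qname + struct.pack("!HH", 1, 1)
    if with_opt:
        msg += b"\0" + struct.pack("!HHIH", TYPE_OPT, size, 0, 0)
    return msg

if __name__ == "__main__":
    for opt in (False, True):
        print(opt, udp_reply_plan(build_query("example.com", opt), 1800))
```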