nanog mailing list archives

Open DNS Resolver reflection attack Mitigation

From: Joe Maimon <jmaimon () ttec com>
Date: Fri, 08 Jun 2012 15:09:04 -0400

Is there any publicly available rate limiting for BIND?

How about host-based IDS that can be used to trigger rtbh or iptables?

Google and Level3 manage to run open resolvers, why cant I?

Joe

Current thread:

Open DNS Resolver reflection attack Mitigation Joe Maimon (Jun 08)
- Re: Open DNS Resolver reflection attack Mitigation Dobbins, Roland (Jun 08)
  - Re: Open DNS Resolver reflection attack Mitigation Joe Maimon (Jun 08)
- Re: Open DNS Resolver reflection attack Mitigation Stephane Bortzmeyer (Jun 08)
  - Re: Open DNS Resolver reflection attack Mitigation Joe Maimon (Jun 08)
  - Re: Open DNS Resolver reflection attack Mitigation Owen DeLong (Jun 08)
    - Re: Open DNS Resolver reflection attack Mitigation Stephane Bortzmeyer (Jun 08)
    - Re: Open DNS Resolver reflection attack Mitigation Owen DeLong (Jun 08)
- rate limiting (Re: Open DNS Resolver reflection attack Mitigation) Paul Vixie (Jun 10)