nanog mailing list archives
Re: ddos attacks
From: Edward Lewis <ed.lewis () neustar biz>
Date: Thu, 19 Dec 2013 11:18:03 -0500
On Dec 18, 2013, at 18:12, cb.list6 wrote:
I am strongly considering having my upstreams to simply rate limit ipv4 UDP. It is the simplest solution that is proactive.
Recently it's been said that when a protocol is "query/response" (like DNS), willingly suppressing responses might be as harmful as passing all the traffic. This comes from a presentation at October's DNS-OARC workshop: https://indico.dns-oarc.net//getFile.py/access?contribId=4&resId=0&materialId=slides&confId=1 This is a "what is possible in theory" presentation, said to help you set your expectation whether this is a true threat or not. The underlying message is that while a querier is waiting for a response, there is a window of vulnerability in which a forged response might be accepted. If the responder elects not to respond, they increase the (time) duration of that window. While "smart" rate limiting exhibits benefits I suspect "simple" rate limiting might have some undesirable consequences. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 Why is it that people who fear government monitoring of social media are surprised to learn that I avoid contributing to social media?
Current thread:
- Re: ddos attacks, (continued)
- Re: ddos attacks Paul Ferguson (Dec 19)
- Re: ddos attacks Dobbins, Roland (Dec 19)
- Re: ddos attacks Nick Hilliard (Dec 19)
- Re: ddos attacks Dobbins, Roland (Dec 19)
- Re: ddos attacks Nick Hilliard (Dec 19)
- Re: ddos attacks Dobbins, Roland (Dec 19)
- Re: ddos attacks Tore Anderson (Dec 19)
- Re: ddos attacks Lee Howard (Dec 19)
- Re: ddos attacks Jon Lewis (Dec 19)
- Re: ddos attacks cb.list6 (Dec 19)
- Re: ddos attacks cb.list6 (Dec 19)
- Re: ddos attacks Dobbins, Roland (Dec 19)
- Re: ddos attacks Saku Ytti (Dec 20)
- Re: ddos attacks Dobbins, Roland (Dec 20)