nanog mailing list archives
Re: Reporting DDOS reflection attacks
From: manning bill <bmanning () isi edu>
Date: Sun, 9 Nov 2014 11:52:58 -0800
On 9November2014Sunday, at 11:40, Doug Barton <dougb () dougbarton us> wrote:
On 11/8/14 6:33 PM, Roland Dobbins wrote:this is incorrect and harmful, and should be removed: iii. Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks. This *breaks the Internet*. Don't do it.+1
actually, if you think this will help you, by all means drop any DNS packets which are gt. 512bytes, not UDP, and not IPv4. /bill
Current thread:
- Re: Reporting DDOS reflection attacks, (continued)
- Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Ruairi Carroll (Nov 08)
- Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Damian Menscher (Nov 08)
- Re: Reporting DDOS reflection attacks Brian Rak (Nov 09)
- Re: Reporting DDOS reflection attacks srn . nanog (Nov 09)
- Re: Reporting DDOS reflection attacks Brian Rak (Nov 09)
- RE: Reporting DDOS reflection attacks Frank Bulk (Nov 08)
- Re: Reporting DDOS reflection attacks Yardiel D. Fuentes (Nov 08)
- Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 08)
- Re: Reporting DDOS reflection attacks Doug Barton (Nov 09)
- Re: Reporting DDOS reflection attacks manning bill (Nov 09)
- Message not available
- Re: Reporting DDOS reflection attacks Larry Sheldon (Nov 09)
- Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 09)
- Re: Reporting DDOS reflection attacks Yardiel D. Fuentes (Nov 08)