nanog mailing list archives

Re: Reporting DDOS reflection attacks


From: manning bill <bmanning () isi edu>
Date: Sun, 9 Nov 2014 11:52:58 -0800



On 9 November 2014 (Sunday), at 11:40, Doug Barton <dougb () dougbarton us> wrote:

On 11/8/14 6:33 PM, Roland Dobbins wrote:
this is incorrect and harmful, and should be removed:

    iii.    Consider dropping any DNS reply packets which are larger than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.

This *breaks the Internet*.  Don't do it.

+1

actually, if you think this will help you, by all means drop any DNS packets which are gt. 512 bytes, not UDP, and not IPv4.

/bill
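As an added illustration of why the ">512 bytes" rule quoted above is harmful (this is editor-supplied example code, not from the thread or any NANOG participant): a well-formed response carrying an EDNS0 OPT record (RFC 6891 lets resolvers advertise UDP payload sizes far above 512 bytes) and a few dozen ordinary A records is already larger than 512 bytes, so the filter discards legitimate answers. The name, addresses and record counts are constructed for the demonstration.

```python
import struct

def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels plus the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_response(qname, addrs, edns_bufsize=4096):
    """Build a minimal, valid DNS response: header, question, A answers, OPT RR.

    Constructed sample data; 192.0.2.0/24 is the documentation range.
    """
    arcount = 1 if edns_bufsize else 0
    # ID, flags (QR=1 RD=1 RA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer to the QNAME at offset 12 (end of header)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    additional = b""
    if edns_bufsize:
        # EDNS0 OPT pseudo-RR: root name, TYPE=41, CLASS carries the UDP buffer size
        additional = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return header + question + answers + additional

def drop_if_over_512(reply):
    """The rule quoted in the thread: drop any DNS reply larger than 512 bytes."""
    return len(reply) > 512

def legitimate_reply_dropped(n_records):
    """Return (wire size, dropped?) for a valid response with n_records A records."""
    addrs = ["192.0.2.%d" % i for i in range(1, n_records + 1)]
    reply = build_response("example.com.", addrs)
    return len(reply), drop_if_over_512(reply)

if __name__ == "__main__":
    for n in (10, 29, 30):
        size, dropped = legitimate_reply_dropped(n)
        print("%d A records -> %d bytes, dropped=%s" % (n, size, dropped))
```

Each answer is 16 bytes on the wire with name compression, so a valid reply with 30 A records lands at 520 bytes and is discarded by the rule, while the same reply with 29 records (504 bytes) passes.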

