nanog mailing list archives

Re: [SECURITY] Application layer attacks/DDoS attacks

From: "Roland Dobbins" <rdobbins () arbor net>
Date: Tue, 26 May 2015 12:19:58 +0700


On 26 May 2015, at 4:27, Randy Bush wrote:

may i remind you of the dns query flood i had which you helpedresearch?
udp and tcp, from the same sources.

Yes - we determined that the TCP-based queries were a result of RRL,which is optimized to help with spoofed reflection/amplificationattacks, but isn't intended to handle non-spoofed query-floods (henceS/RTBH, flowspec, IDMS, et. al.) like the particular ANY query-flooddirected at your auths.


-----------------------------------
Roland Dobbins <rdobbins () arbor net>

Current thread:

RE: [SECURITY] Application layer attacks/DDoS attacks, (continued)
- - - RE: [SECURITY] Application layer attacks/DDoS attacks Keith Medcalf (May 25)
    - Re: [SECURITY] Application layer attacks/DDoS attacks jim deleskie (May 25)
    - Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 25)
    - Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 25)
- Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 23)
- Re: [SECURITY] Application layer attacks/DDoS attacks Scott Weeks (May 23)
  - Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 23)
- Re: [SECURITY] Application layer attacks/DDoS attacks Steve via NANOG (May 25)
  - Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 25)
    - Re: [SECURITY] Application layer attacks/DDoS attacks Randy Bush (May 25)
    - Re: [SECURITY] Application layer attacks/DDoS attacks Roland Dobbins (May 25)