nanog mailing list archives
Re: DNS deluge for x.p.ctrc.cc
From: "Christopher L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Sun, 26 Feb 2006 21:04:15 +0000 (GMT)
On Sun, 26 Feb 2006, Joe Abley wrote:
As a temporary mitigation tool today, when the volume of legitimate, large-packet EDNS0 traffic is near-zero, blocking big 53/udp packets might *sound* reasonable. However, we all know how permanent
how are you certain that the udp/53 1500 byte packet is 'dns'? and not kazaa/gnutella/bittorrent/vpn-in-udp-53 ? It seems that filtering the TRAFFIC is short sighted on several fronts :( deciding if you will/won't be part of the global-recursive-dns-server 'problem' is entirely different though.
temporary filters can be. Crippling EDNS0 transport in the future seems like a very high price to pay for what might be a very temporary, short-term reduction in attack traffic.
seems like global tcp/139|tcp/445 filters, or bogon filters... bits put into configs 'now' and completely forgotten about 'tomorrow' :(
Current thread:
- Re: DNS deluge for x.p.ctrc.cc, (continued)
- Re: DNS deluge for x.p.ctrc.cc Jon Lewis (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc bmanning (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc Nicholas Suan (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc Rob Thomas (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc Randy Bush (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc Paul Vixie (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Paul Vixie (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Jon Lewis (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Joe Provo (Feb 25)
- Re: DNS deluge for x.p.ctrc.cc Joe Abley (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Christopher L. Morrow (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Paul Vixie (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc bmanning (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Paul Vixie (Feb 26)
- Message not available
- Re: DNS deluge for x.p.ctrc.cc Barrett Lyon (Feb 26)
- Re: DNS deluge for x.p.ctrc.cc Rob Thomas (Feb 27)