nanog mailing list archives

Re: Reporting DDOS reflection attacks

From: "Roland Dobbins" <rdobbins () arbor net>
Date: Sun, 09 Nov 2014 09:33:06 +0700


On 9 Nov 2014, at 6:46, Yardiel D. Fuentes wrote:

http://bcop.nanog.org/index.php/BCOP_Drafts

There are some good general recommendations in this document (Wordformat? Really?), but this is incorrect and harmful, and should beremoved:

iii. Consider dropping any DNS reply packets which are larger than 512Bytes – these are commonly found in DNS DoS Amplification attacks.


This *breaks the Internet*.  Don't do it.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>

Current thread:

Re: Reporting DDOS reflection attacks, (continued)
- - - Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 08)
    - Re: Reporting DDOS reflection attacks Miles Fidelman (Nov 08)
    - Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Ruairi Carroll (Nov 08)
  - Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Damian Menscher (Nov 08)
  - Re: Reporting DDOS reflection attacks Brian Rak (Nov 09)
    - Re: Reporting DDOS reflection attacks srn . nanog (Nov 09)
- RE: Reporting DDOS reflection attacks Frank Bulk (Nov 08)
  - Re: Reporting DDOS reflection attacks Yardiel D. Fuentes (Nov 08)
    - Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 08)
    - Re: Reporting DDOS reflection attacks Doug Barton (Nov 09)
    - Re: Reporting DDOS reflection attacks manning bill (Nov 09)
    - Message not available
    - Re: Reporting DDOS reflection attacks Larry Sheldon (Nov 09)
    - Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 09)