[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reporting DDOS reflection attacks

Subject: Reporting DDOS reflection attacks
From: bmanning at isi.edu (manning bill)
Date: Sun, 9 Nov 2014 11:52:58 -0800
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On 9November2014Sunday, at 11:40, Doug Barton <dougb at dougbarton.us> wrote:

> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>> 
>>     iii.    Consider dropping any DNS reply packets which are larger
>> than 512 Bytes â?? these are commonly found in DNS DoS Amplification attacks.
>> 
>> This *breaks the Internet*.  Don't do it.
> 
> +1

actually, if you think this will help you, by all means drop any DNS packets which are gt. 512bytes, not UDP, and not IPv4.

/bill

References:
- Reporting DDOS reflection attacks
  - From: srn.nanog at prgmr.com (srn.nanog at prgmr.com)
- Reporting DDOS reflection attacks
  - From: frnkblk at iname.com (Frank Bulk)
- Reporting DDOS reflection attacks
  - From: yardiel at gmail.com (Yardiel D. Fuentes)
- Reporting DDOS reflection attacks
  - From: rdobbins at arbor.net (Roland Dobbins)
- Reporting DDOS reflection attacks
  - From: dougb at dougbarton.us (Doug Barton)

Prev by Date: Reporting DDOS reflection attacks
Next by Date: v6 cdn problems
Previous by thread: Reporting DDOS reflection attacks
Next by thread: Reporting DDOS reflection attacks
Index(es):
- Date
- Thread