[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY] Application layer attacks/DDoS attacks

Subject: [SECURITY] Application layer attacks/DDoS attacks
From: rdobbins at arbor.net (Roland Dobbins)
Date: Tue, 26 May 2015 12:19:58 +0700
In-reply-to: <m2vbfg9wl7.wl%[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <m2vbfg9wl7.wl%[email protected]>

On 26 May 2015, at 4:27, Randy Bush wrote:

> may i remind you of the dns query flood i had which you helped 
> research?
> udp and tcp, from the same sources.

Yes - we determined that the TCP-based queries were a result of RRL, 
which is optimized to help with spoofed   reflection/amplification 
attacks, but isn't intended to handle non-spoofed query-floods (hence 
S/RTBH, flowspec, IDMS, et. al.) like the particular ANY query-flood 
directed at your auths.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

References:
- [SECURITY] Application layer attacks/DDoS attacks
  - From: angst1974 at yahoo.com (Steve)
- [SECURITY] Application layer attacks/DDoS attacks
  - From: rdobbins at arbor.net (Roland Dobbins)
- [SECURITY] Application layer attacks/DDoS attacks
  - From: randy at psg.com (Randy Bush)

Prev by Date: [SECURITY] Application layer attacks/DDoS attacks
Next by Date: gmail security is a joke
Previous by thread: [SECURITY] Application layer attacks/DDoS attacks
Next by thread: gmail security is a joke
Index(es):
- Date
- Thread