Reporting DDOS reflection attacks
Roland Dobbins
rdobbins at arbor.net
Sun Nov 9 02:33:06 UTC 2014
On 9 Nov 2014, at 6:46, Yardiel D. Fuentes wrote:
> http://bcop.nanog.org/index.php/BCOP_Drafts
There are some good general recommendations in this document (Word
format? Really?), but this is incorrect and harmful, and should be
removed:
iii. Consider dropping any DNS reply packets which are larger than 512
Bytes – these are commonly found in DNS DoS Amplification attacks.
This *breaks the Internet*. Don't do it.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list