Reporting DDOS reflection attacks

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9 Nov 2014, at 6:46, Yardiel D. Fuentes wrote:

> http://bcop.nanog.org/index.php/BCOP_Drafts

There are some good general recommendations in this document (Word 
format?  Really?), but this is incorrect and harmful, and should be 
removed:

	iii.	Consider dropping any DNS reply packets which are larger than 512 
Bytes – these are commonly found in DNS DoS Amplification attacks.

This *breaks the Internet*.  Don't do it.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]