Open DNS Resolver reflection attack Mitigation

• Previous message (by thread): Open DNS Resolver reflection attack Mitigation
• Next message (by thread): Open DNS Resolver reflection attack Mitigation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 08, 2012 at 12:56:23PM -0700,
 Owen DeLong <owen at delong.com> wrote 
 a message of 28 lines which said:

> IPv6 should be a simple matter of putting the same line in your
> ip6tables file.

My experience with attack mitigation is that tools do not always work
as advertised and sometimes do bad things (such as crashing the
machine). So, I agree, it "should be a simple matter" but I prefer to
test first.

[For instance, my IPv4 rule required a maximum of 2^28 buckets in
memory while an IPv6 rule with --hashlimit-srcmask 64 would require a
maximum of 2^64 buckets... What will be the effect on the system
memory?]

• Previous message (by thread): Open DNS Resolver reflection attack Mitigation
• Next message (by thread): Open DNS Resolver reflection attack Mitigation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]