"trivial" changes to DNS (was: OpenNTPProject.org)

Cb B cb.list6 at gmail.com
Thu Jan 16 17:19:44 UTC 2014


On Jan 16, 2014 9:08 AM, "Andrew Sullivan" <asullivan at dyn.com> wrote:
>
> On Thu, Jan 16, 2014 at 11:48:56AM -0500, Christopher Morrow wrote:
> >
> > I totally agree... I was actually joking in my last note :( sorry for
> > not adding the ":)" as requisite in email.
>
> I'm sorry my humour is now so impaired from reading 1net and other
> such things that I didn't figure it out!
>
> > So... what other options are there to solve the larger problem […]
>
> If I knew, I'd run out and implement it rather than talk about it!
>
> A
>

Well. These reflection attacks have something in common. The big ones
(chargen, dns, ntp) are all IPv4 UDP. And these are all *very* big.

I hate to throw the baby out with the bathwater, but in my network, IPv4
UDP is overstaying its welcome. Just like IPv4 ICMP in 2001 - 2003, its
fate is nearly certain.

I hope QUIC does not stay on UDP, as it may find itself cut off at the
legs.

CB

> --
> Andrew Sullivan
> Dyn, Inc.
> asullivan at dyn.com
> v: +1 603 663 0448
>



More information about the NANOG mailing list