Reporting DDOS reflection attacks

Doug Barton dougb at dougbarton.us
Sun Nov 9 19:40:26 UTC 2014


On 11/8/14 6:33 PM, Roland Dobbins wrote:
> this is incorrect and harmful, and should be removed:
>
>      iii.    Consider dropping any DNS reply packets which are larger
> than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>
> This *breaks the Internet*.  Don't do it.

+1


More information about the NANOG mailing list