Reporting DDOS reflection attacks

manning bill bmanning at isi.edu
Sun Nov 9 19:52:58 UTC 2014


On 9November2014Sunday, at 11:40, Doug Barton <dougb at dougbarton.us> wrote:

> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>> 
>>     iii.    Consider dropping any DNS reply packets which are larger
>> than 512 Bytes – these are commonly found in DNS DoS Amplification attacks.
>> 
>> This *breaks the Internet*.  Don't do it.
> 
> +1

actually, if you think this will help you, by all means drop any DNS packets which are gt. 512bytes, not UDP, and not IPv4.

/bill



More information about the NANOG mailing list