Reporting DDOS reflection attacks

Larry Sheldon larrysheldon at
Mon Nov 10 01:23:32 UTC 2014

On 11/9/2014 13:40, Doug Barton wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>      iii.    Consider dropping any DNS reply packets which are larger
>> than 512 Bytes – these are commonly found in DNS DoS Amplification
>> attacks.
>> This *breaks the Internet*.  Don't do it.
> +1
The whole thing>  Really?

The unique Characteristics of System Administrators:

The fact that they are infallible; and,

The fact that they learn from their mistakes.

Quis custodiet ipsos custodes

More information about the NANOG mailing list