Reporting DDOS reflection attacks

Larry Sheldon larrysheldon at cox.net
Mon Nov 10 01:23:32 UTC 2014


On 11/9/2014 13:40, Doug Barton wrote:
> On 11/8/14 6:33 PM, Roland Dobbins wrote:
>> this is incorrect and harmful, and should be removed:
>>
>>      iii.    Consider dropping any DNS reply packets which are larger
>> than 512 Bytes – these are commonly found in DNS DoS Amplification
>> attacks.
>>
>> This *breaks the Internet*.  Don't do it.
>
> +1
>
The whole thing>  Really?

-- 
The unique Characteristics of System Administrators:

The fact that they are infallible; and,

The fact that they learn from their mistakes.


Quis custodiet ipsos custodes


More information about the NANOG mailing list