On 25 May 2015, at 20:31, Steve via NANOG wrote: > Application layer DDoS attacks , in most (all?) cases require a valid > TCP/IP connection DNS query-floods are a notable exception. ----------------------------------- Roland Dobbins <rdobbins at arbor.net>