[SECURITY] Application layer attacks/DDoS attacks

Roland Dobbins rdobbins at arbor.net
Tue May 26 05:19:58 UTC 2015

On 26 May 2015, at 4:27, Randy Bush wrote:

> may i remind you of the dns query flood i had which you helped 
> research?
> udp and tcp, from the same sources.

Yes - we determined that the TCP-based queries were a result of RRL, 
which is optimized to help with spoofed reflection/amplification 
attacks, but isn't intended to handle non-spoofed query-floods (hence 
S/RTBH, flowspec, IDMS, et al.) like the particular ANY query-flood 
directed at your auths.

Roland Dobbins <rdobbins at arbor.net>
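
The distinction drawn in the message above, as an added example that is not part of the original post or of any tool it names: sources that send ANY queries over both UDP and TCP have completed a TCP handshake, so their addresses are not spoofed. It assumes RRL answers some rate-limited UDP queries with truncated responses that real clients retry over TCP; the log tuple format, threshold and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (source address, transport, qtype). Addresses are
# RFC 5737 documentation ranges, not data from the original thread.
SAMPLE_QUERIES = (
    [("192.0.2.10", "udp", "ANY")] * 40      # floods over UDP ...
    + [("192.0.2.10", "tcp", "ANY")] * 12    # ... and retries over TCP
    + [("198.51.100.7", "udp", "ANY")] * 60  # UDP only: may be a spoofed victim
    + [("203.0.113.5", "udp", "A")] * 3      # ordinary resolver traffic
    + [("203.0.113.5", "tcp", "A")] * 1
)


def classify_sources(queries, flood_threshold=20):
    """Split heavy ANY-query sources by whether they also queried over TCP.

    flood_threshold is a hypothetical per-window cutoff, not a recommended value.
    """
    counts = defaultdict(lambda: {"udp": 0, "tcp": 0})
    for src, proto, qtype in queries:
        if qtype == "ANY":
            counts[src][proto] += 1

    result = {"non_spoofed": [], "possibly_spoofed": []}
    for src, c in sorted(counts.items()):
        if c["udp"] + c["tcp"] < flood_threshold:
            continue  # below flood volume, leave alone
        if c["tcp"] > 0:
            # A completed TCP handshake means the address is real:
            # a candidate for source-based filtering such as S/RTBH.
            result["non_spoofed"].append(src)
        else:
            # UDP only: the address may belong to a reflection victim,
            # so rate limiting the responses (RRL) is the safer control.
            result["possibly_spoofed"].append(src)
    return result


if __name__ == "__main__":
    print(classify_sources(SAMPLE_QUERIES))
```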
