automatic rtbh trigger using flow data

Roland Dobbins rdobbins at
Sun Sep 2 03:05:19 UTC 2018

On 1 Sep 2018, at 1:20, Lotia, Pratik M wrote:

> Arbor report mentions volumetric attacks using DNS, NTP form 75+% of 
> the attacks.

I'm well aware of what's mentioned in the Arbor report, thanks!


> Then QoSing certain ports and protocols is the best way to start with.

The point is that when applying broad policies of this nature, one must 
be very conservative, else one can cause larger problems on a macro 
scale.  Internet ateriosclerosis is a significant issue.

Roland Dobbins <rdobbins at>

More information about the NANOG mailing list