nanog mailing list archives
Re: Open Resolver Problems
From: Joe Abley <jabley () hopcount ca>
Date: Mon, 25 Mar 2013 12:45:40 -0400
On 2013-03-25, at 12:35, Alain Hebert <ahebert () pubnix net> wrote:
Well, Why would you only go after them? Easier target to mitigate the problem? That might be just me, but I find those peers allowing their customers to spoof source IP addresses more at fault. PS: Some form of adaptive rate limitation works for it btw =D
DNS servers (recursive and authoritative-only) are the low-hanging fruit du jour. I agree that there are many other effective amplifiers, and that even maximum DNS hygiene will not make the wider problem go away. A quick note on your final comment, though: whilst adaptive response rate limiting (so-called RRL) is fast developing into an effective mitigation for reflection attacks against authority-only servers, there is far less experience with traffic patterns or the effects of rate-limiting (using RRL or anything else) on recursive servers. The best advice for operation of recursive servers remains "restrict access to legitimate clients", not "apply rate-limiting". Joe
Current thread:
- Re: Open Resolver Problems, (continued)
- Re: Open Resolver Problems Valdis . Kletnieks (Mar 26)
- Re: Open Resolver Problems joel jaeggli (Mar 26)
- Re: Open Resolver Problems Jay Ashworth (Mar 26)
- Re: Open Resolver Problems Saku Ytti (Mar 26)
- Re: Open Resolver Problems Leo Bicknell (Mar 26)
- Re: Open Resolver Problems Scott Noel-Hemming (Mar 29)
- Re: Open Resolver Problems Mattias Ahnberg (Mar 25)
- Re: Open Resolver Problems Jared Mauch (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)
- Re: Open Resolver Problems Joe Abley (Mar 25)
- Re: Open Resolver Problems Måns Nilsson (Mar 25)
- Re: Open Resolver Problems Joe Abley (Mar 25)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems Alain Hebert (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Nick Hilliard (Mar 25)
- Re: Open Resolver Problems William Herrin (Mar 25)
- Re: Open Resolver Problems Jay Ashworth (Mar 26)
- Re: Open Resolver Problems Mikael Abrahamsson (Mar 26)