On 14 Apr 2021, at 01:48, Anand Buddhdev <ana...@ripe.net> wrote:
> This is a short-sighted opinion. If just one authoritative server sends
> out REFUSED responses towards an innocent, it won't matter. But if 1000
> authoritative servers all send out REFUSED responses towards an innocent
> IP address, their combined volume and packet rate *is* significant.

Is it? How big is a REFUSED response? Even if it is 100 bytes (and I think it is not that large, but I cannot find it), 1000 refused would be 100K. How many thousands of servers do you need in this "DDoS" to overwhelm a pretty average connection? (My home connection is only 200Mbps down.) Granted, a million machines would be generating 100MB of data, which is insignificant, but the number of packets at that scale would probably be an issue. But is a million servers realistic?

I don't think calling this a DDoS is accurate. It is more likely there is a known exploit for some servers and they are probing or it is some script kiddie just blasting out packets hoping to get lucky.

--
"Are you pondering what I'm pondering?"
"I think so, Mr. Brain, but if the sun'll come out tomorrow, what's it doing right now?"