On 31.10.2012 02:52, Dobbins, Roland wrote:
On Oct 31, 2012, at 4:37 AM, Florian Weimer wrote:
Reflection attacks do not use totally random source addresses, so the typically
state exhaustion vector does not necessarily apply.
There are many more types of attacks other than reflection/amplification
attacks, though, and it's those to which I was referring - sorry for being
unclear.
Agreed. That's why I mentioned that our iptables based rate limiting
only mitigates the current ANY amplification attacks, not all kind of
attacks.
regards
Klaus
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
