On Feb 7, 2014, at 9:16, Tony Finch <[email protected]> wrote:

> Patrick W. Gilmore <[email protected]> wrote:
>>> On Feb 07, 2014, at 07:09 , Tony Finch <[email protected]> wrote:
>>>
>>> If my busy name server is getting 1000 qps of real traffic from all over
>>> the net, and 1000 qps of attack traffic "from" some victim, then RRL will
>>> attenuate responses to the victim without affecting other users.
>>>
>>> In the absence of RRL, the victim will be denied service by overwhelming
>>> traffic. In the presence of RRL the victim might have slightly slower DNS
>>> resolution.
>>
>> Not just the victim.
>
> What not just the victim? In the absence of RRL the DDoS attack is likely
> to cause collateral damage, yes. In the presence of RRL non-victims are
> unaffected as long as the attack isn't overwhelming the name server.

You said: "In the absence of RRL, the victim will be denied service by overwhelming traffic."

I was saying more than the victim would be hurt in the absence of RRL. The other users of the amp server very likely would be affected through resource exhaustion. Users between the amp & victim as the amp attack makes its way through the Internet. Etc., etc.

My guess is you agree with those statements. Sorry if this wasn't clear originally.

-- 
TTFN,
patrick
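The attenuation Tony describes (1000 qps of real traffic, 1000 qps of spoofed queries "from" one victim, with only the victim's responses slowed) can be made concrete with a small simulation. The following is an added example, not code from this thread or from any name server implementation: it models a simplified RRL account as a token bucket keyed on the client /24 plus the response name, in the spirit of BIND's responses-per-second / window / slip settings, but the parameters (5 responses/s, 15 s window, slip 2), the address ranges and the traffic mix are all constructed for the example.

```python
"""Simplified DNS Response Rate Limiting (RRL) simulation (added example).

One token bucket per (client /24, response name). A flood spoofed "from"
one victim exhausts only that victim's bucket; other netblocks keep their
own credits and are answered normally. Every `slip`-th suppressed response
is sent truncated (TC=1) instead of dropped, so a real client behind the
spoofed address can still retry over TCP.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

MILLI = 1000  # credits are tracked in thousandths of a response


@dataclass
class Bucket:
    credits: int      # millicredits currently available
    last_ms: int      # time of the last refill
    excess: int = 0   # responses suppressed so far (drives slip)


class ResponseRateLimiter:
    # Parameter values are assumptions for this example, not a recommendation.
    def __init__(self, responses_per_second: int = 5, window_s: int = 15, slip: int = 2):
        self.rps = responses_per_second
        self.cap = responses_per_second * window_s * MILLI  # burst ceiling
        self.slip = slip
        self.buckets: Dict[Tuple[str, str], Bucket] = {}

    @staticmethod
    def _key(client_ip: str, qname: str) -> Tuple[str, str]:
        # Account per /24 of the (possibly spoofed) source plus the response name.
        net = ".".join(client_ip.split(".")[:3]) + ".0/24"
        return net, qname

    def decide(self, client_ip: str, qname: str, now_ms: int) -> str:
        """Return 'answer', 'truncate' or 'drop' for one query at time now_ms."""
        key = self._key(client_ip, qname)
        b = self.buckets.get(key)
        if b is None:
            # A new account starts with one second's worth of responses.
            b = Bucket(credits=self.rps * MILLI, last_ms=now_ms)
            self.buckets[key] = b
        # Refill: rps responses per 1000 ms == rps millicredits per ms.
        b.credits = min(self.cap, b.credits + (now_ms - b.last_ms) * self.rps)
        b.last_ms = now_ms
        if b.credits >= MILLI:
            b.credits -= MILLI
            return "answer"
        b.excess += 1
        if self.slip and b.excess % self.slip == 0:
            return "truncate"   # TC=1, tiny response, lets legitimate clients retry via TCP
        return "drop"


def simulate() -> Dict[str, Counter]:
    """Constructed traffic mix: 1000 spoofed queries/s 'from' one victim address
    plus 50 legitimate /24s sending 4 queries each over the same second."""
    rrl = ResponseRateLimiter()
    victim_ip = "203.0.113.7"            # documentation range, constructed
    events: List[Tuple[int, str, str]] = []
    for i in range(1000):                # one spoofed query every millisecond
        events.append((i, victim_ip, "example.com"))
    for n in range(50):                  # 50 distinct /24s, constructed
        for t in (0, 250, 500, 750):
            events.append((t, f"10.{n}.1.1", "example.com"))

    tally = {"victim": Counter(), "legit": Counter()}
    for now_ms, ip, qname in sorted(events):
        verdict = rrl.decide(ip, qname, now_ms)
        tally["victim" if ip == victim_ip else "legit"][verdict] += 1
    return tally


if __name__ == "__main__":
    for who, counts in simulate().items():
        print(who, dict(counts))
```

With these numbers the spoofed flood gets 9 full answers, 495 truncated replies and 496 drops, while every one of the 200 legitimate queries from other netblocks is answered. That is the "victim might have slightly slower DNS resolution" outcome from the quoted message: a real resolver behind the spoofed address sees mostly truncated responses and falls back to TCP, which an amplification attacker cannot spoof usefully. Patrick's point also shows up in the model only by omission: the limiter says nothing about the server's own CPU and bandwidth spent on receiving the flood, which is why non-victims remain unaffected only as long as the attack does not overwhelm the name server itself.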
