On Thu, 2 Apr 2020, Davey Song wrote:
> I'm very confused why people on the list are suggesting RRL (even
> BCP38) to the victim of a DoS attack?

The reason rate limiting, of any kind (not just DNS, not just UDP; TCP SYN for example), helps in a spoofed source attack is because it makes you a less nourishing host for the parasites and hopefully they eventually move on.

It also means that a persistent legitimate party is more likely to get an answer.

It also means that the true victim (behind the spoofed source address) is less likely to mitigate by blocking traffic from you (your legitimate source address when you reply).

--

Fred Morris

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
