Hi, On Thu, Dec 06, 2018 at 11:41:28AM -0800, C. M. Heard wrote: > I do get the need for self-defense. But ... > > Does this apply to all UDP or just specific UDP-based protocols? > > What I commented on specifically was UDP/443 (QUIC), something > that people are actually trying to deploy.
We currently rate-limit NTP, DNS, memcached, LDAP/UDP and *fragments*
(because LDAP and NTP usually bring along large fragments).
We *currently* see no attacks on UDP/443, so we do not rate-limit that.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
_______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
