Hi Daisuke, On Sun, Mar 22, 2015 at 1:31 PM, Daisuke HIGASHI <[email protected]> wrote:
> Hi, > > I have implemented mitigation against random subdomain DoS attack (or > sometime referred as water torture attack) for Unbound utilizing > bloomfilter. > > https://github.com/hdais/unbound-bloomfilter > > It learns qnames which resulted in noerror using bloomfilter in peace > time. When a domain is set to be bloomfiltered (manually or > automatically) it accepts only qnames to be noerror for the domain. > > This effectively refuse only bad random queries that result would be > nxdomain while keeping the domain resolvable. > This is interesting; can you help me understand where does the 9.6 bits come from? Also, what would a false positive here be? A random query that was allowed or a legitimate query that was refused? > Regards, > -- > Daisuke HIGASHI > Maciej
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
