-----Original Message----- From: Lutz Donnerhacke <l...@iks-jena.de> Organization: IKS Jena, Thüringen Netz, Fitug Date: Thursday, October 25, 2012 12:43 PM To: "dns-operati...@mail.dns-oarc.net" <dns-operati...@mail.dns-oarc.net> Subject: Re: [dns-operations] First experiments with DNS dampening to fight amplification attacks
>* Lutz Donnerhacke wrote: >> If they are optimal or not is still an open question. But the patch is >> useable now. Far from perfect or finished, but used in practice. > >I was able to collect some statistics and keep an eye on the attacks >itself. >Interestingly the attackers seem to honor the RRL defaults and apply their >attacks in a way to render this patch useless. > >http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening-under-the-microscope Great writeup, thanks for sharing... Seems to show clever hacks can be useful (looks good for roots), but don't generally work against real hackers who typically read lists (and source code). :-) _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
