On Mon, 18 Aug 2008, bert hubert wrote:

> On Sun, Aug 17, 2008 at 11:42:39PM -0400, Dean Anderson wrote:
>
> > TCP isn't susceptible to this kind of attack at all. TCP spoofing is
>
> While this is true, it turns out the current crop of authoritative
> nameservers, including mine, is not up to serving thousands of
> requests/second over TCP. Or at least not thousands of new sessions/second.

I agree. TCP connection caching is necessary.

> I'm working on in-place spoofing countermeasures and I've already had to
> stop my tests because I ended up overloading the authentic authoritative
> servers with TCP queries.

I am interested in helping with this.

--Dean

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000