On Aug 4, 2015, at 12:35 PM, Donald Eastlake <d3e...@gmail.com> wrote: > What about the cryptographic computations at the client? And the > problem with the much larger responses wasn't necessarily at the > server but at the client, which probably has a narrower pipe than the > server and may be getting sprayed with traffic from many servers.
It might help if you could write up a clear analysis using real data that points to this as a concern. As far as I know, it’s not. Do people DDoS individual ISP customers? I’ve been the _vector_ of a DDoS attack that _felt_ like a DDoS attack on me because they used all my bandwidth, but that was because I had an open resolver. Literally within minutes of fixing the open resolver, the attack stopped. I’m unaware of examples of end users being the victims of DDoS attacks where they weren’t running open resolvers.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
