On 5 Aug 2015, at 1:58, Ralf Weber wrote:
> On 5 Aug 2015, at 5:36, Mark Andrews wrote:
>> The analysis above is lacking.
>> "has cookie" is not the determining factor. "has good server cookie"
>> is the determining factor.
> For the attack that Ted describes later these attackers will have a
> good server cookie as they are behind open resolvers that implement
> cookies, so I think his analysis is correct.
If an attacker is causing a system that does cookies to be an attack
vector, then this proposal does no harm or good. The assumption in the
proposal is that some of the attack traffic will continue to look like
it has for the past decade, coming from non-attack systems that have
been updated or from attack systems that have not been updated.
An earlier response to the proposal is, in essence, "no one will
implement this because it won't do any good and might do a bit of harm".
Others on the list have shown that they are interested in implementing
this.
It might be attractive to say "there can be no possible help to the DDoS
problem other than professional networking services that are seen
today", but so far the WG has not agreed with that. This proposal gives
those who cannot afford such services a chance to respond to a DDoS in a
way that might help.
--Paul Hoffman
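As an added illustration, not code from the thread or from any cookies implementation, here is a simplified model of the policy being debated: a server that, while under attack, answers only queries carrying a server cookie it issued itself and rate-limits everything else. The HMAC-based cookie derivation, the secret, the addresses and the five traffic cases are constructed assumptions; the cases show Ralf's point (an abused cookie-capable open resolver passes the check) alongside Paul's (only no-cookie or forged-cookie sources, including non-updated legitimate resolvers, are affected).

```python
import hmac
import hashlib
import ipaddress

# Constructed per-server secret for this example; a real server would generate and rotate its own.
SERVER_SECRET = b"constructed-example-secret"


def server_cookie(client_cookie: bytes, src_ip: str) -> bytes:
    """Derive an 8-byte server cookie bound to the client cookie and the query's source address."""
    msg = client_cookie + ipaddress.ip_address(src_ip).packed
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:8]


def has_good_server_cookie(query: dict) -> bool:
    """True only if the query carries a server cookie this server itself issued for that source."""
    cookie = query.get("cookie")
    if cookie is None or len(cookie) != 16:  # 8-byte client cookie + 8-byte server cookie
        return False
    client_part, server_part = cookie[:8], cookie[8:]
    return hmac.compare_digest(server_part, server_cookie(client_part, query["src"]))


def triage(query: dict, under_attack: bool) -> str:
    """Normal operation answers everything; under attack, only good-cookie queries are answered."""
    if not under_attack or has_good_server_cookie(query):
        return "answer"
    return "rate-limit"


def good_cookie(client_cookie: bytes, src_ip: str) -> bytes:
    """Full 16-byte cookie as a client that has already talked to this server would send it."""
    return client_cookie + server_cookie(client_cookie, src_ip)


# Constructed sample traffic covering the cases discussed in the thread.
SAMPLE_QUERIES = {
    "updated_resolver": {"src": "192.0.2.10", "cookie": good_cookie(b"clntA001", "192.0.2.10")},
    # cookie-capable open resolver abused as a reflector: indistinguishable from the line above
    "abused_open_resolver": {"src": "198.51.100.7", "cookie": good_cookie(b"clntB002", "198.51.100.7")},
    "spoofed_no_cookie": {"src": "203.0.113.99", "cookie": None},
    "spoofed_forged_cookie": {"src": "203.0.113.99", "cookie": b"clntC003" + b"\x00" * 8},
    # legitimate resolver that has not been updated to send cookies: the collateral cost
    "legacy_resolver": {"src": "192.0.2.20", "cookie": None},
}


def triage_all(under_attack: bool) -> dict:
    """Apply the policy to every constructed query and return the decision per case."""
    return {name: triage(q, under_attack) for name, q in SAMPLE_QUERIES.items()}
```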
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop