-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 8/17/2012 6:22 AM, Daniel Stirnimann wrote:
> Hi Klaus
>
> On one of our name server which is secondary for a little over one
> thousand second level domains has been abused for DNS
> Amplification Attacks since November 2011.
>
> There has not b
On 8/17/2012 8:03 AM, Klaus Darilion wrote:
> Lately, there was much discussion and examples on how to block the DNS
> requests of DNS Amplification Attacks. Such filters prevent the name
> server seeing the request, thus of course massively reducing the
> outgoing traffic. But such filters can not
On Fri, Aug 17, 2012 at 01:11:09PM +0200, Faasen, Craig wrote:
> Thanks to everyone who responded to the question: "any idea why a name server
> would want to change the RD bit ?"
>
> Consensus is that there is no particular reason and that clients should not
> care about the RD bit in responses
Thanks to everyone who responded to the question: "any idea why a name server
would want to change the RD bit ?"
Consensus is that there is no particular reason and that clients should not
care about the RD bit in responses.
Best regards,
-- craig
__
Hi Klaus
On one of our name server which is secondary for a little over one
thousand second level domains has been abused for DNS Amplification
Attacks since November 2011.
There has not been a single week without such traffic. So, it is not
decreasing at all. Since May 2012 we are rate-limiting
Hi!
Lately, there was much discussion and examples on how to block the DNS
requests of DNS Amplification Attacks. Such filters prevent the name
server seeing the request, thus of course massively reducing the
outgoing traffic. But such filters can not reduce the incoming traffic -
the attacke
