strong +1 here. recommended reading or re-reading. On Thursday, 2 April 2020 17:23:22 UTC Fred Morris wrote: > On Thu, 2 Apr 2020, Davey Song wrote: > > I'm very confused that why people on the list are suggesting RRL (even > > BCP38) to the victim of DoS attack? > > The reason rate limiting, of any kind (not just DNS, not just UDP; TCP SYN > for example), helps in a spoofed source attack is because it makes you a > less nourishing host for the parasites and hopefully they eventually move > on. > > It also means that a persistent legitimate party is more likely to get an > answer. > > It also means that the true victim (behind the spoofed source address) is > less likely to mitigate by blocking traffic from you (your legitimate > source address when you reply).
-- Paul _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
