On Tue, 9 Sep 2008, Ron Bonica wrote:
> Bill,
>
> That why in the next paragraph I said:
>
> > If you think that you have an alternative plan for mitigating this
> > attack, you might be able to resurrect open resolvers with a new draft
> > that describes this mitigation.
>
> Also, if Dean feels that the alternative mitigation is so compelling
> that he could muster WG consensus around it, he has until this Friday to
> describe the mitigation on the mailing list.
Mitigation of open resolver attacks is well described, both by BCP38 and
by the previous comparision with the more damaging DNS attack.
If one is attacked by open recursors, the mitigation during the attack
is to filter the packets from the open recursors during the attack.
Filtering open recursors usually has little or no damage to either the
recursor operator or the target of the attack. This is the typical
response by ISPs to all kinds of packet flooding attacks. There is
nothing special about open recursor attacks that requires any kind of
special handling.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
