Dean,
Thanks for this proposal. At his point, I will sit quietly for a while
and let the WG comment on whether they think that your proposed
alternative mitigation is adequate. On Friday, the WG chairs will gauge
consensus and I will take appropriate action.
Ron
Dean Anderson wrote:
>
> Mitigation of open resolver attacks is well described, both by BCP38 and
> by the previous comparision with the more damaging DNS attack.
>
> If one is attacked by open recursors, the mitigation during the attack
> is to filter the packets from the open recursors during the attack.
> Filtering open recursors usually has little or no damage to either the
> recursor operator or the target of the attack. This is the typical
> response by ISPs to all kinds of packet flooding attacks. There is
> nothing special about open recursor attacks that requires any kind of
> special handling.
>
> --Dean
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
