Folks,
This is a reminder that only two questions are on the table. These are:
- is BCP38 enough to mitigate the attack vectors described in
draft-ietf-dnsop-reflectors-are-evil-06
- is filtering after the attack has begun good enough
Discussions of how many times this attack has been observed in the wild,
who has reported the attack, who that person works for, and whether that
person is credible are entirely out of bounds.
Ron
Dean Anderson wrote:
> On Thu, 11 Sep 2008, Olaf Kolkman wrote:
>
>> I do not have first hand experience from being under attack but I have
>> seen enough arguments that reflector attacks are not only
>> hypothetically possible but they also happen in real life. Not only
>> from private conversations but also from, for instance,
>> http://staff.washington.edu/dittrich/misc/ddos/grc-syn.txt
>
> This is a report from 2002, describing a 4x amplification attack.
>
>> and http://www.isotf.org/news/DNS-Amplification-Attacks.pdf and
>> references therein.
>
> The above is a document from Gadi Evron of Afilias, documenting the two
> small motivating attacks. There is nothing new in that report.
>
>> The fact that folk do not have first hand experience in being attacked
>> does not dismis them from making an informed trade-off.
>
> There is first-hand experience and hearsay. What you have is hearsay
> and rehashed old reports.
>
> --Dean
>
>
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
