On Jan 16, 2014 9:08 AM, "Andrew Sullivan" <asulli...@dyn.com> wrote: > > On Thu, Jan 16, 2014 at 11:48:56AM -0500, Christopher Morrow wrote: > > > > I totally agree... I was actually joking in my last note :( sorry for > > not adding the ":)" as requisite in email. > > I'm sorry my humour is now so impaired from reading 1net and other > such things that I didn't figure it out! > > > So... what other options are there to solve the larger problem […] > > If I knew, I'd run out an implement it rather than talk about it! > > A >
Well. These reflection attacks have something in common. The big ones (chargen, dns, ntp) are all IPv4 UDP. And these are all *very* big. I hate to throw the baby out with the bathwater, but in my network, IPv4 UDP is overstaying it's welcome. Just like IPv4 ICMP in 2001 - 2003, its fate is nearly certain. I hope QUIC does not stay on UDP, as it may find itself cut off at the legs. CB > -- > Andrew Sullivan > Dyn, Inc. > asulli...@dyn.com > v: +1 603 663 0448 >