[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt

To: Dean Anderson <dean at av8.com>
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
From: Ron Bonica <rbonica at juniper.net>
Date: Tue, 09 Sep 2008 16:19:47 -0400
Cc: IETF DNSOP WG <dnsop at ietf.org>, bmanning at vacation.karoshi.com, "Contreras, Jorge" <Jorge.Contreras at wilmerhale.com>, Peter Koch <pk at DENIC.DE>, iesg at ietf.org
Delivered-to: ietfarch-dnsop-archive at core3.amsl.com
Delivered-to: dnsop at core3.amsl.com
In-reply-to: <Pine.LNX.4.44.0809091511240.1674-100000 at citation2.av8.net>
List-archive: <http://www.ietf.org/pipermail/dnsop>
List-help: <mailto:dnsop-request@ietf.org?subject=help>
List-id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-post: <mailto:dnsop@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
References: <Pine.LNX.4.44.0809091511240.1674-100000 at citation2.av8.net>
Sender: dnsop-bounces at ietf.org
User-agent: Thunderbird 2.0.0.16 (Windows/20080708)

Dean,

Thanks for this proposal. At his point, I will sit quietly for a while
and let the WG comment on whether they think that your proposed
alternative mitigation is adequate. On Friday, the WG chairs will gauge
consensus and I will take appropriate action.

                              Ron


Dean Anderson wrote:

> 
> Mitigation of open resolver attacks is well described, both by BCP38 and 
> by the previous comparision with the more damaging DNS attack.
> 
> If one is attacked by open recursors, the mitigation during the attack
> is to filter the packets from the open recursors during the attack.  
> Filtering open recursors usually has little or no damage to either the
> recursor operator or the target of the attack. This is the typical
> response by ISPs to all kinds of packet flooding attacks. There is
> nothing special about open recursor attacks that requires any kind of
> special handling.
> 
> 		--Dean
_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Follow-Ups:
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
  - From: Kurt Erik Lindqvist
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
  - From: David Conrad
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
  - From: Andrew Sullivan

References:
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
  - From: Dean Anderson

Prev by Date: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
Next by Date: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
Previous by thread: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
Next by thread: Re: [DNSOP] I-D Action:draft-ietf-dnsop-reflectors-are-evil-06.txt
Index(es):
- Date
- Thread