On Jan 16, 2014 9:08 AM, "Andrew Sullivan" <asullivan@dyn.com> wrote:
On Thu, Jan 16, 2014 at 11:48:56AM -0500, Christopher Morrow wrote:
I totally agree... I was actually joking in my last note :( sorry for not adding the ":)" as requisite in email.
I'm sorry my humour is now so impaired from reading 1net and other such things that I didn't figure it out!
So... what other options are there to solve the larger problem […]
If I knew, I'd run out an implement it rather than talk about it!
Well. These reflection attacks have something in common. The big ones (chargen, dns, ntp) are all IPv4 UDP. And these are all *very* big. I hate to throw the baby out with the bathwater, but in my network, IPv4 UDP is overstaying it's welcome. Just like IPv4 ICMP in 2001 - 2003, its fate is nearly certain. I hope QUIC does not stay on UDP, as it may find itself cut off at the legs. CB
-- Andrew Sullivan Dyn, Inc. asullivan@dyn.com v: +1 603 663 0448