10 Aug 2007, 9:32 p.m.
On Thu, 9 Aug 2007, Stephane Bortzmeyer wrote:
On Wed, Aug 08, 2007 at 03:20:56PM -0700, william(at)elan.net <william@elan.net> wrote a message of 23 lines which said:
How is that an "anti DoS" technique when you actually need to return an answer via UDP in order to force next request via TCP?
Because there is no amplification: the UDP response packet can be very small.
Actually, because it forces authentication of the source (authentication being that the source is a real, live host asking for DNS services). Beyond that trick, the devices I've seen/used also catalog the rates of queries from individual hosts and force a cached answer to be generated locally if the loads get too high (per source). Sorry this is a bit late to the punch :)
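The mechanism the two replies above describe, as an added example that is not part of the original thread or of any vendor's product: a resolver front end answers over UDP while a source stays under a per-source rate, and once it exceeds that rate it echoes the query back with the TC (truncated) bit set and no answer records, so the UDP reply is no bigger than the query (no amplification) and a genuine client retries over TCP, which a spoofed source cannot complete. The query, the fake upstream answer and the rate-limit numbers are constructed sample input; `SourceRateLimiter`, `handle_udp_query` and `fake_upstream_answer` are hypothetical names chosen for this illustration.

```python
import struct
import time

# DNS header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000  # message is a response
FLAG_TC = 0x0200  # truncated: client should retry over TCP
FLAG_RD = 0x0100  # recursion desired


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query for qname (constructed sample input)."""
    labels = b"".join(
        struct.pack("B", len(part)) + part.encode()
        for part in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + question


def question_end(msg):
    """Offset just past the (single) question section of a DNS message."""
    off = 12
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        off += length
    return off + 4  # skip QTYPE and QCLASS


def truncated_response(query):
    """Echo the query back with QR and TC set and zero answer records.

    The reply is exactly the size of the query, so a spoofed source gains
    no amplification, and a real client retries the query over TCP.
    """
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    rflags = FLAG_QR | FLAG_TC | (flags & FLAG_RD)  # RCODE stays NOERROR
    header = struct.pack("!HHHHHH", txid, rflags, qdcount, 0, 0, 0)
    return header + query[12:question_end(query)]


def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def fake_upstream_answer(query):
    """Hypothetical full answer: one A record appended to the question.

    Stands in for a real resolver so the size difference is visible;
    the address is a constructed example value.
    """
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, FLAG_QR | (flags & FLAG_RD), qdcount, 1, 0, 0)
    # name pointer to offset 12, TYPE A, CLASS IN, TTL 300, RDLENGTH 4, RDATA
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:question_end(query)] + answer


class SourceRateLimiter:
    """Token bucket per source IP (hypothetical policy, not any vendor's)."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = rate      # tokens refilled per second
        self.burst = burst    # maximum tokens per source
        self.clock = clock    # injectable for deterministic tests
        self.buckets = {}     # src_ip -> (tokens, last_seen)

    def allow(self, src_ip):
        now = self.clock()
        tokens, last = self.buckets.get(src_ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[src_ip] = (tokens - 1, now)
            return True
        self.buckets[src_ip] = (tokens, now)
        return False


def handle_udp_query(src_ip, query, limiter, upstream=fake_upstream_answer):
    """Answer over UDP while the source is under its rate; otherwise force TCP."""
    if limiter.allow(src_ip):
        return upstream(query)
    return truncated_response(query)


if __name__ == "__main__":
    q = build_query("example.com")
    lim = SourceRateLimiter(rate=1.0, burst=2)
    for i in range(3):
        r = handle_udp_query("198.51.100.7", q, lim)
        print(i, len(q), len(r), "TC" if is_truncated(r) else "full")
```

The check a practitioner wants is the size comparison: the truncated reply is no larger than the query that triggered it, while the full answer is, so the TC path cannot be used as an amplifier even though it still answers over UDP.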