On Jan 16, 2014 9:08 AM, "Andrew Sullivan" <asullivan@dyn.com> wrote:
On Thu, Jan 16, 2014 at 11:48:56AM -0500, Christopher Morrow wrote:
I totally agree... I was actually joking in my last note :( sorry for not adding the ":)" as requisite in email.
I'm sorry my humour is now so impaired from reading 1net and other such things that I didn't figure it out!
So... what other options are there to solve the larger problem […]
If I knew, I'd run out an implement it rather than talk about it!
A
Well. These reflection attacks have something in common. The big ones (chargen, dns, ntp) are all IPv4 UDP. And these are all *very* big. I hate to throw the baby out with the bathwater, but in my network, IPv4 UDP is overstaying it's welcome. Just like IPv4 ICMP in 2001 - 2003, its fate is nearly certain. I hope QUIC does not stay on UDP, as it may find itself cut off at the legs. CB
-- Andrew Sullivan Dyn, Inc. asullivan@dyn.com v: +1 603 663 0448