26 May
2015
26 May
'15
1:19 a.m.
On 26 May 2015, at 4:27, Randy Bush wrote:
may i remind you of the dns query flood i had which you helped research? udp and tcp, from the same sources.
Yes - we determined that the TCP-based queries were a result of RRL, which is optimized to help with spoofed reflection/amplification attacks, but isn't intended to handle non-spoofed query-floods (hence S/RTBH, flowspec, IDMS, et. al.) like the particular ANY query-flood directed at your auths. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>