Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] DDOS, open resolvers, how to solve?

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] DDOS, open resolvers, how to solve?


Chronological Thread 
  • From: Guillaume Parent <gparent AT gparent.org>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] DDOS, open resolvers, how to solve?
  • Date: Fri, 13 Dec 2013 02:29:27 +0000

I'm writing one, but it's far from ready. I'm open to any suggestions myself, log correlation tools could maybe be quickly hacked up for this? Things like Snort?


On Fri, Dec 13, 2013 at 2:27 AM, Coyo <coyo AT darkdna.net> wrote:

On 12/12/2013 08:24 PM, Guillaume Parent wrote:
I still believe that heuristics with manual review and rate limiting is the best way to deal with this issue. Also, having a connection that's worth a fuck helps. Home connections, while still very useful for helping the network and OpenNIC users resolving DNS rapidly, are never going to resist any relevant DDoS attack.

Incoming packets will not be stopped by a silly HTML form unless every upstream ISP we have cooperates with us, and that's still a significant threat for people with low transfer connections.

Having a registration system will direct the attacks towards the servers that do not enforce it, simply moving the problem away and directing it to less targets. It also has privacy implications that I do not like.

I am not going to enforce any system that requires users to sign up to use my DNS service.

Heuristics and rate limiting should do nicely. What sorts of tools would one use to accomplish this?



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





Archive powered by MHonArc 2.6.19.

Top of Page