| 1 |
On 03/28/2013 04:57 PM, Kevin Chadwick wrote: |
| 2 |
> |
| 3 |
>> listened to the dangers and even now simply redesigned DNSSEC. |
| 4 |
> |
| 5 |
> Or they could fudge it by making every request requiring padding larger |
| 6 |
> than the response. Bandwidth would increase astronomically but amp |
| 7 |
> attacks would have to find other avenues. |
| 8 |
> |
| 9 |
|
| 10 |
Infeasible; the requester cannot know the size of the response in |
| 11 |
advance. If a packet comes in, and the response is larger than the |
| 12 |
request, is it really an amp packet, did the client not know, or is the |
| 13 |
server misconfigured and not limiting the response data as much as it could? |
Archives