[ratelimits] rrl mention in an nlnetlabs tech report

Yasuhiro Orange Morishita yasuhiro at jprs.co.jp
Fri Aug 23 08:13:08 UTC 2013


Hello,

I've found the presentation slides made by the author.  Thanks to Google.
<http://rp.delaat.net/2012-2013/p92/presentation.pdf>

> Made by one of our interns.

Your intern is great.

-- Orange

> --Olaf
> 
> PS. other related intern work: http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf
> 

From: Olaf Kolkman <olaf at NLnetLabs.nl>
Date: Fri, 23 Aug 2013 10:01:24 +0200
> 
> 
> 
> 
> On 22 aug. 2013, at 20:02, Paul Vixie <paul at redbarn.org> wrote:
> 
> > saw this:
> > 
> >> Another pro-active technique is Response Rate
> >> Limiting (RRL) [29]. It limits the number of unique
> >> responses sent by the authoritative server. Roughly,
> >> it works by keeping track of several pieces of
> >> information of the responses. With every subsequent
> >> request, the name server checks whether the
> >> response that would be sent exceeds the set limit
> >> of responses per second per set of information. If
> >> this is the case, it either responds only once in a
> >> number of queries (configurable) or it sends a
> >> truncated (TC-flag set) answer, forcing a legitimate
> >> resolver to retry the query over TCP. RRL is currently
> >> the most promising technique and is implemented
> >> in the most popular name server software like
> >> BIND [14], NSD [20] and Knot [17]. The effectiveness
> >> of RRL is debated, it stops unsophisticated
> >> attacks using reflection. 
> > 
> > here:
> > 
> > http://www.nlnetlabs.nl/downloads/publications/report-rp2-lexis.pdf
> 
> 
> Made by one of our interns.
> 
> I wonder if you wanted to express something more than "look at this" with the specific quote?
> 
> --Olaf
> 
> PS. other related intern work: http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf
> 
> 
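
[Added example, not part of the thread and not code from BIND, NSD or Knot: a simplified Python model of the RRL behaviour described in the report excerpt quoted above, showing both the truncate and the answer-one-in-N responses. The key fields (client /24 or /56 prefix, query name, rcode), the fixed one-second window, the TCP exemption and the sample traffic are assumptions made for illustration.]

```python
import ipaddress
from collections import Counter

class ResponseRateLimiter:
    """Simplified fixed one-second-window model of RRL (not any server's real code)."""

    def __init__(self, limit=5, mode="truncate", answer_every=2):
        if mode not in ("truncate", "drop"):
            raise ValueError("mode must be 'truncate' or 'drop'")
        self.limit, self.mode, self.answer_every = limit, mode, answer_every
        self.state = {}  # key -> [second, responses this second, over-limit queries]

    @staticmethod
    def key(client_ip, qname, rcode):
        # Assumption: the tracked "set of information" is (client /24 or /56, name, rcode).
        addr = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{addr}/{24 if addr.version == 4 else 56}", strict=False)
        return (str(net), qname.lower().rstrip("."), rcode)

    def decide(self, now, client_ip, qname, rcode="NOERROR", transport="udp"):
        """Return 'answer', 'truncate' (TC flag set) or 'drop' for one query."""
        if transport == "tcp":
            return "answer"  # assumption: TCP retries are not rate limited
        entry = self.state.setdefault(self.key(client_ip, qname, rcode), [int(now), 0, 0])
        if entry[0] != int(now):
            entry[:] = [int(now), 0, 0]  # a new one-second window starts
        entry[1] += 1
        if entry[1] <= self.limit:
            return "answer"
        if self.mode == "truncate":
            return "truncate"
        entry[2] += 1  # in drop mode, answer only one in every N over-limit queries
        return "answer" if entry[2] % self.answer_every == 0 else "drop"

def simulate(limiter, queries):
    """Count decisions for (time, client_ip, qname, transport) tuples."""
    return dict(Counter(limiter.decide(t, ip, q, transport=tr) for t, ip, q, tr in queries))

# Constructed traffic: 20 UDP queries within one second whose sources all fall in
# one /24 (how reflected traffic looks to the server), then a TCP retry and a
# UDP query in the next second.
FLOOD = [(100.0 + i / 100, f"192.0.2.{i + 1}", "example.com.", "udp") for i in range(20)]
FOLLOW_UP = [(100.5, "192.0.2.9", "example.com", "tcp"), (101.2, "192.0.2.9", "example.com", "udp")]

if __name__ == "__main__":
    for mode in ("truncate", "drop"):
        print(mode, simulate(ResponseRateLimiter(mode=mode), FLOOD + FOLLOW_UP))
```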

