[ratelimits] Poor CERT warning message
paul at redbarn.org
Tue Sep 10 22:13:54 UTC 2013
The announcement is rubbish. I've argued this extensively with the discoverers and now that they've gone public so will I. Vixie
Geert Jan de Groot <GeertJan.deGroot at xs4all.nl> wrote:
>Please have a look at:
>(which is in Dutch and which breaks google translate; cut/paste
>the text itself does work however).
>Note that this refers to a CERT message from a French CERT (again,
>use 'translate if required).
>I think these CERT warnings are poorly informed, incorrect,
>and lack a fundamental understanding of how RRL works.
>The mitigation proposed, instead of using RRL, is problematic:
>"Managers of resolver DNS servers (!) could use monitoring to
>detect unusual high amounts of DNS requests to detect an attack".
>Unfortunately, CERT messages are sometimes seen as gospel
>even when they are incorrect.
>I'm not sure about what to do against spread of this misinformation.
>ratelimits mailing list
>ratelimits at lists.redbarn.org
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ratelimits