[ratelimits] Poor CERT warning message

P Vixie paul at redbarn.org
Tue Sep 10 22:13:54 UTC 2013

The announcement is rubbish. I've argued this extensively with the discoverers and now that they've gone public so will I.  Vixie

Geert Jan de Groot <GeertJan.deGroot at xs4all.nl> wrote:
>Please have a look at:
>(which is in Dutch and which breaks google translate; cut/paste 
>the text itself does work however).
>Note that this refers to a CERT message from a French CERT (again,
>use 'translate if required).
>I think these CERT warnings are poorly informed, incorrect, 
>and lack a fundamental understanding of how RRL works. 
>The mitigation proposed, instead of using RRL, is problematic:
>"Managers of resolver DNS servers (!) could use monitoring to
>detect unusual high amounts of DNS requests to detect an attack".
>Unfortunately, CERT messages are sometimes seen as gospel
>even when they are incorrect.
>I'm not sure about what to do against spread of this misinformation.
>Geert Jan
>ratelimits mailing list
>ratelimits at lists.redbarn.org

Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.redbarn.org/pipermail/ratelimits/attachments/20130910/d2d0e027/attachment.htm>

More information about the ratelimits mailing list