ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Technical - .org foundation proposal


Paul,

I'm just looking through some of the .org proposals.  In the  
technical part of the .org foundation proposal, C17.9, I've been 
stumbling over the following sentence:

	    * Proprietary request throttling technology developed by 
	    eNom, that can throttle by IP, will be deployed to  
	    prevent denial of service (DOS) attacks and UDP flood 
	    attacks.

I'm wondering how that's supposed to work - UDP is stateless; for  
this reason, each packet of a simple UDP flood attack can come from  
a different (faked) source IP address. Assuming that the attacker's  
ISP has egress filtering installed is certainly not safe.

Your explanation would be most welcome.

Regards,
-- 
Thomas Roessler                        <roessler@does-not-exist.org>
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>