On 2014-04-14, Anthony K <akcentos@xxxxxxxxxx> wrote:
>
> Be aware of DND DDoS Amplification attack *[0]* if you are running this
> DNS at home as it can quickly deplete your bandwidth (if your ISP gives
> you quotas per month). I use the following *[1]* to help stop these
> queries. However, since I'm dropping these when they hit my router, I'm
> still losing bandwidth but not at a terribly fast pace!
>
> Although the ISP can definitely stop such queries from getting to you,
> it is not in their best interests and hence do nothing about it!
How is it not in their best interests? They still have to waste their
bandwidth and routing to route the packets across their network. If
it's a particularly persistent attack I imagine they'd rather block them
at their border.
...well, unless they get to charge you by the MB/GB. Last I heard that
was more common outside the US. In that case I suppose they might
prefer to get money from you rather than block the nuisance packets.
(Even in this case I imagine they'd prefer to block a very large-scale
DDoS, but those are probably rare against a typical home server.)
--keith
--
kkeller@xxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
