DNS keyserver (was Re: gnupg-1.0.7: keyserver subdir?)

[Michael Graff]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon Josefsson <jas@extundo.com> writes:

> Is the packet size really the important factor?  I thought a good DDOS
> attack used a protocol that generated several packets given only one.
> Like broadcast ping.
> 
> Also, is it possible to spoof an EDNS.0 session?  I don't remember the
> details, but it may include some kind of cookie, like TCP, which you
> need to guess in order to continue.

Well, a 64k UDP packet will be chopped up into more than 40 packets.

> Or switch to TCP.

If you're going to do that, why use DNS?

- --Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)
Comment: See http://www.flame.org/~explorer/pgp for my keys

iD8DBQE9LG/il6Nz7kJWYWYRAmYyAJ9p883ZxmBzYmxhnFdHLxXeCbLw8QCfepwo
SajmTChbvfJQjBI1Ws7+v1M=
=/ZSH
-----END PGP SIGNATURE-----