Skip to content
Snippets Groups Projects
Verified Commit 54f05e4d authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Petr Špaček
Browse files

mitigate NXNSAttack protocol vulnerability for unresolvable NS names

CWE-406: Insufficient Control of Network Message Volume (Network Amplification)

We now limit number of failed NS name resolution attempts for each
request. This does not prevent attacker from spoofing delegations
but it puts upper bound on amplification factor.
parent fdaa4150
Branches
Tags
1 merge request!1003NXNSAttack mitigation
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment