It's mostly DNS amplification attacks your provider will be filtering out on UDP... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

londons_explore on March 24, 2019 | parent | context | favorite | on: Why We Love QUIC and HTTP/3

It's mostly DNS amplification attacks your provider will be filtering out on UDP. They can still filter UDP port 53 to do that.

scurvy on March 24, 2019 [–]

Fragments are still fragments. If QUIC allows for IPv4 router based fragmentation, you're still susceptible to attack. V4 frags don't carry port information (there's no header).

IPv6 is better since there is no fragmentation. Maybe QUIC/http3 should be IPv6 only?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact