DNS Attacks
On Wed, Jan 18, 2012 at 10:05 AM, Nick Hilliard <nick at foobar.org> wrote:
> On 18/01/2012 14:18, Leigh Porter wrote:
>> Yeah like I say, it wasn't my idea to put DNS behind firewalls. As long
>> as it is not *my* firewalls I really don't care what they do ;-)
>
> As you're posting here, it looks like it's become your problem. :-D
>
> Seriously, though, there is no value to maintaining state for DNS queries.
> You would be much better off to put your firewall production interfaces on
> a routed port on a hardware router so that you can implement ASIC packet
> filtering. This will operate at wire speed without dumping you into the
> colloquial poo every time someone decides to take out your critical
> infrastructure.
I get the feeling that Leigh had implemented this against his own
advice for a client... that he's onboard with 'putting a firewall in
front of a dns server is dumb' meme...
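The quoted advice is to stop tracking state for DNS and filter it statelessly, the way a router ACL does. The script below is an added example and is not from anyone in this thread; it shows the two shapes on a Linux nftables forwarding box as a stand-in for the hardware router Nick describes. The server address 192.0.2.53 and the table and chain names are constructed placeholders. The weak form creates a conntrack entry per query, so a query flood fills the state table; the corrected form exempts DNS from tracking in the raw hook and matches both directions explicitly, so the state table is never consulted on that path.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumes the authoritative
# server is 192.0.2.53 (documentation range, constructed) and this host
# forwards traffic for it.
set -eu

DNS_SERVER="192.0.2.53"   # constructed placeholder address

# Weak form: every query opens a conntrack entry. Under a query flood the
# state table fills and legitimate traffic is dropped along with the junk.
stateful_rules() {
    cat <<EOF
table inet dns_edge {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ip daddr ${DNS_SERVER} udp dport 53 ct state new accept
        ip daddr ${DNS_SERVER} tcp dport 53 ct state new accept
    }
}
EOF
}

# Stateless form: exempt DNS from tracking in the raw hook, then match both
# directions explicitly. Untracked packets never hit the established/related
# rule, so the explicit accepts carry the DNS path, just like a router ACL.
stateless_rules() {
    cat <<EOF
table inet dns_edge {
    chain raw_pre {
        type filter hook prerouting priority raw; policy accept;
        ip daddr ${DNS_SERVER} udp dport 53 notrack
        ip saddr ${DNS_SERVER} udp sport 53 notrack
        ip daddr ${DNS_SERVER} tcp dport 53 notrack
        ip saddr ${DNS_SERVER} tcp sport 53 notrack
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ip daddr ${DNS_SERVER} udp dport 53 accept
        ip saddr ${DNS_SERVER} udp sport 53 accept
        ip daddr ${DNS_SERVER} tcp dport 53 accept
        ip saddr ${DNS_SERVER} tcp sport 53 accept
    }
}
EOF
}

# Count DNS rules that depend on conntrack state; 0 means the DNS path
# never consults the state table.
count_ct_dns_rules() {
    "$1" | grep -c 'dport 53 ct state' || true
}

# Syntax-check a ruleset with nft when it is installed (nothing is loaded).
validate() {
    if command -v nft >/dev/null 2>&1; then
        "$1" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}
```

On a real box, `validate stateless_rules` checks the syntax and `stateless_rules | nft -f -` loads it. TCP/53 is kept in both forms because truncated answers and zone transfers fall back to it; with notrack the TCP handshake is no longer validated by the firewall, which is the trade the advice accepts in exchange for a state table that cannot be filled by a query flood.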
- Follow-Ups:
- DNS Attacks
- From: smb at cs.columbia.edu (Steven Bellovin)
- References:
- DNS Attacks
- From: dennis at justipit.com (Dennis)
- DNS Attacks
- From: leigh.porter at ukbroadband.com (Leigh Porter)
- DNS Attacks
- From: nick at foobar.org (Nick Hilliard)