[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mitigating DNS amplification attacks

Subject: Mitigating DNS amplification attacks
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Wed, 1 May 2013 10:53:27 +0000
In-reply-to: <CAPWAtb+mPu9mpgAMhV1FkwMkW8-Hh+0ndhOc56Zdq=tGQ5LBsQ@mail.gmail.com>
References: <CDA5CF54.10D9A%[email protected]> <[email protected]> <CAPWAtb+mPu9mpgAMhV1FkwMkW8-Hh+0ndhOc56Zdq=tGQ5LBsQ@mail.gmail.com>

On May 1, 2013, at 5:42 PM, Jeff Wheeler wrote:

> The public list of smurf amplifiers turned out to be the only way to really deal with it.

It certainly helped; but the real solution was to get Cisco, et. al. to disable directed broadcasts by default.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

References:
- Mitigating DNS amplification attacks
  - From: jared at puck.nether.net (Jared Mauch)
- Mitigating DNS amplification attacks
  - From: jsw at inconcepts.biz (Jeff Wheeler)

Prev by Date: Mitigating DNS amplification attacks
Next by Date: Tier1 blackholing policy?
Previous by thread: Mitigating DNS amplification attacks
Next by thread: Mitigating DNS amplification attacks
Index(es):
- Date
- Thread