[dns-operations] DNS deluge for x.p.ctrc.cc

Geo georger at nls.net
Mon Feb 27 11:12:58 UTC 2006


I think most of you are too into DNS to see the real problem and the only
workable solution I can think of. The problem isn't DNS exploitation, it's
tcp/ip exploitation, ie spoofed traffic.

The solution is ingress/egress filters and finding a good way to test
netblocks to see if they are filtering for spoofed traffic originating on
their netblock. If you can't spoof with an outside IP, the damange you can
do is limited to the netblock you are on or at the least makes it easy to
track back to your netblock.


More information about the dns-operations mailing list