[dns-operations] Continued weekly DDoS fun
Roland Dobbins
rdobbins at cisco.com
Mon Jan 12 18:24:27 UTC 2009
On Jan 13, 2009, at 2:08 AM, Tom Daly wrote:
> This would help. I'll ask our upstreams.
Your upstream probably won't let you block source IPs on their side of
the last-mile hop, as this could obviously cause problems for other
customers homed into that same edge router, unfortunately. You can
certainly use it as a stopgap measure to block on your side, whilst
you ring for assistance.
It also might be useful to see if your upstream offers some kind of
Clean Pipes service which specifically deals with the peculiarities of
DNS DDoS.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile
All behavior is economic in motivation and/or consequence.
More information about the dns-operations
mailing list