[dns-operations] Tracking the DNS amplification attacks (was: isprime DOS in progress)
SM
sm at resistor.net
Sun Jan 25 06:26:11 UTC 2009
At 21:33 24-01-2009, Roger Marquis wrote:
>This is all, however, treating symptoms. The root cause would be far
>better fixed with a named patch implementing Chris Paul's recommendation to
>NANOG back in August:
You will then have to deal with sites that block TCP port 53. Using
stateful connections also requires mitigation against stateful
resource attacks.
Regards,
-sm
More information about the dns-operations
mailing list