[dns-operations] Tracking the DNS amplification attacks (was: isprime DOS in progress)

SM sm at resistor.net
Sun Jan 25 06:26:11 UTC 2009


At 21:33 24-01-2009, Roger Marquis wrote:
>This is all, however, treating symptoms.  The root cause would be far
>better fixed with a named patch implementing Chris Paul's recommendation to
>NANOG back in August:

You will then have to deal with sites that block TCP port 53.  Using 
stateful connections also requires mitigation against stateful 
resource attacks.

Regards,
-sm 




More information about the dns-operations mailing list