[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Wed Jun 22 12:25:45 UTC 2011
On Jun 22, 2011, at 5:43 AM, Ray Bellis wrote:
> If you b0rk your main iptables you can still get in via IPv6 ;-)
It's a state-table issue. Stateful firewalls should *not* be placed in front of/on servers, period.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the dns-operations
mailing list