[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Ray Bellis Ray.Bellis at nominet.org.uk
Wed Jun 22 12:52:15 UTC 2011

On 22 Jun 2011, at 13:25, Dobbins, Roland wrote:

> It's a state-table issue.  Stateful firewalls should *not* be placed in front of/on servers, period.

Ah, that.

When you said "Self-DoS" I took that as meaning the self-DoS you get when you try to change your iptables rules whilst logged into the box remotely, and inadvertently finding yourself locked out by those changes.


More information about the dns-operations mailing list