[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Dobbins, Roland rdobbins at arbor.net
Fri Jun 24 22:47:02 UTC 2011

On Jun 24, 2011, at 6:21 PM, David Conrad wrote:

> But that would defeat the amplification attack, no?

Actually, all the attacker has to do is to vary the source port of each query in order to overwhelm stateful inspection devices.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

More information about the dns-operations mailing list