[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record
Dobbins, Roland
rdobbins at arbor.net
Fri Jun 24 22:47:02 UTC 2011
On Jun 24, 2011, at 6:21 PM, David Conrad wrote:
> But that would defeat the amplification attack, no?
Actually, all the attacker has to do is to vary the source port of each query in order to overwhelm stateful inspection devices.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
More information about the dns-operations
mailing list