[dns-operations] First experiments with DNS dampening to fight amplification attacks

Dobbins, Roland rdobbins at arbor.net
Fri Oct 26 00:01:18 UTC 2012

On Oct 26, 2012, at 12:48 AM, paul vixie wrote:

> until cisco makes source address validation the default

Unfortunately, neither Cisco nor any other network infrastructure vendor will do this absent some fundamental breakthrough in anti-spoofing mechanisms, because there are too many topological situations in which the primary existing mechanism (uRPF, ACLs) can induce overblocking.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the dns-operations mailing list