[dns-operations] First experiments with DNS dampening to fight amplification attacks

Dobbins, Roland rdobbins at arbor.net
Fri Oct 26 00:01:18 UTC 2012


On Oct 26, 2012, at 12:48 AM, paul vixie wrote:

> until cisco makes source address validation the default

Unfortunately, neither Cisco nor any other network infrastructure vendor will do this absent some fundamental breakthrough in anti-spoofing mechanisms, because there are too many topological situations in which the primary existing mechanisms (uRPF, ACLs) can induce overblocking.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton



