[dns-operations] DoS with amplification: yet another funny Unix script

Dobbins, Roland rdobbins at arbor.net
Tue Sep 11 19:42:36 UTC 2012

On Sep 11, 2012, at 11:38 PM, Vernon Schryver wrote:

> I fear that the technical note linked from that page fails to emphasize enough the drawbacks of firewall defenses against DNS reflection attacks

Beyond the DNS-specific issues cited, putting stateful firewalls in front of *any* server, much less busy DNS servers, is contraindicated.

It just amazes me that people continue to do this.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the dns-operations mailing list