[dns-operations] DoS with amplification: yet another funny Unix script
Dobbins, Roland
rdobbins at arbor.net
Tue Sep 11 19:42:36 UTC 2012
On Sep 11, 2012, at 11:38 PM, Vernon Schryver wrote:
> I fear that the technical note linked from that page fails to emphasize enough the drawbacks of firewall defenses against DNS reflection attacks
Beyond the DNS-specific issues cited, putting stateful firewalls in front of *any* server, much less busy DNS servers, is contraindicated.
It just amazes me that people continue to do this.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the dns-operations
mailing list